
NET0812 – Two NTP servers are not used to synchronize time – ‘ntp multicast client MULTICAST_IP_1’

Details

The network element must use two or more NTP servers to synchronize time.

Without synchronized time, accurately correlating information between devices becomes difficult, if not impossible. If you cannot successfully compare logs between each of your routers, switches, and firewalls, it will be very difficult to determine the exact events that resulted in a network breach incident. NTP provides an efficient and scalable method for network elements to synchronize to an accurate time source.

NOTE: An alternative to querying an NTP server for time is to receive NTP updates via a server that is broadcasting or multicasting the time update messages. If you already have two NTP servers defined, this check is not necessary.

NOTE: Change ‘MULTICAST_IP_1’ to the IP address of the first NTP multicast address listed for your organization.

Solution

Configure the device to use two separate NTP servers.
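An added example (not part of the STIG or of the original page): a Python check over a saved running-config that applies the logic described above. The function names and sample configurations are constructed for illustration, and it assumes IOS-style `ntp server` lines and interface-level `ntp multicast client <ip>` lines.

```python
import re

# Constructed sample running-config fragments (not from a real device).
SAMPLE_TWO_SERVERS = """\
hostname sw-access-01
ntp server 192.0.2.10 prefer
ntp server vrf MGMT 192.0.2.11 key 5
"""
SAMPLE_MULTICAST = """\
interface Vlan10
 ip address 198.51.100.2 255.255.255.0
 ntp multicast client 239.1.1.1
ntp server 192.0.2.10
"""
SAMPLE_ONE_SERVER = """\
ntp server 192.0.2.10
ntp server 192.0.2.10 prefer
"""

def ntp_servers(config):
    """Return the distinct addresses/hostnames named in 'ntp server' lines."""
    servers = set()
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["ntp", "server"]:   # also skips 'no ntp server ...'
            continue
        rest = tokens[2:]
        if rest[:1] == ["vrf"]:               # 'ntp server vrf NAME addr'
            rest = rest[2:]
        if rest[:1] in (["ip"], ["ipv6"]):    # optional address-family keyword
            rest = rest[1:]
        if rest:
            servers.add(rest[0].lower())
    return servers

def multicast_clients(config):
    """Return group addresses from 'ntp multicast client <ip>' lines."""
    pat = re.compile(r"^[ \t]*ntp multicast client[ \t]+(\S+)", re.M)
    return set(pat.findall(config))

def check_net0812(config, multicast_ip):
    """PASS if two distinct NTP servers or the expected multicast client exist."""
    servers = ntp_servers(config)
    if len(servers) >= 2:
        return "PASS", "two or more NTP servers defined; multicast check not necessary"
    if multicast_ip in multicast_clients(config):
        return "PASS", f"ntp multicast client {multicast_ip} configured"
    return "FAIL", f"{len(servers)} distinct NTP server(s), no multicast client for {multicast_ip}"
```

Note that the same server listed twice counts once, so `SAMPLE_ONE_SERVER` fails the check.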

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.


Updated on July 16, 2022