Details
Correct date and time settings are required for authentication protocols, file creation, modification dates and log entries.
Note: If your organization has internal time servers, enter them here. Enterprise mobile devices may need to use a mix of internal and external time servers. If multiple servers are required use the Date & Time System Preference with each server separated by a space.
Rationale:
Kerberos may not operate correctly if the time on the Mac is off by more than 5 minutes. This in turn can affect Apple’s single sign-on feature, Active Directory logons, and other features.
Impact:
Apple’s automatic time update solution will enable an NTP server that is not controlled by the Application Firewall. Turning on ‘Set time and date automatically’ allows other computers to connect to set their time and allows for exploit attempts against ntpd. It also allows for more accurate network detection and OS fingerprinting
Current testing shows scanners can easily determine the MAC address and the OS vendor. More extensive OS fingerprinting may be possible.
Solution
Perform the following to implement the prescribed state:
Open System Preferences
Select Date & Time
Select Set date and time automatically
Alternatively run the following commands:
sudo systemsetup -setnetworktimeserver
sudo systemsetup -setusingnetworktime on
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.