STIGQter: STIG Summary: Cisco IOS XR Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.

DISA Rule

SV-216535r531088_rule

Vulnerability Number

V-216535

Group Title

SRG-APP-000373-NDM-000298

Rule Version

CISC-ND-001030

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001893 - The information system identifies a secondary authoritative time source that is located in a different geographic region than the primary authoritative time source.

Weight

10

Fix Recommendation

Configure the Cisco router to synchronize its clock with redundant authoritative time sources as shown in the example below.

RP/0/0/CPU0:R3 (config)#ntp server x.x.x.x
RP/0/0/CPU0:R3 (config)#ntp server y.y.y.y

Check Contents

Review the Cisco router configuration to verify that it is compliant with this requirement as shown in the configuration example below.

ntp server x.x.x.x
ntp server y.y.y.y

If the Cisco router is not configured to synchronize its clock with redundant authoritative time sources, this is a finding.

Vulnerability Number

V-216535

Documentable

False

Rule Version

CISC-ND-001030

Severity Override Guidance

Review the Cisco router configuration to verify that it is compliant with this requirement as shown in the configuration example below.

ntp server x.x.x.x
ntp server y.y.y.y

If the Cisco router is not configured to synchronize its clock with redundant authoritative time sources, this is a finding.

Check Content Reference

M

Target Key

4023

Comments