STIGQter: STIG Summary: Cisco IOS Switch NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco switch must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.

DISA Rule

SV-220601r521267_rule

Vulnerability Number

V-220601

Group Title

SRG-APP-000373-NDM-000298

Rule Version

CISC-ND-001030

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001893 - The information system identifies a secondary authoritative time source that is located in a different geographic region than the primary authoritative time source.

Weight

10

Fix Recommendation

Configure the Cisco switch to synchronize its clock with redundant authoritative time sources as shown in the example below:

SW2(config)#ntp server x.x.x.x
SW2(config)#ntp server y.y.y.y

Check Contents

Review the Cisco switch configuration to verify that it synchronizes its clock with redundant authoritative time sources as shown in the example below:

ntp server x.x.x.x
ntp server y.y.y.y

If the Cisco switch is not configured to synchronize its clock with redundant authoritative time sources, this is a finding.

Vulnerability Number

V-220601

Documentable

False

Rule Version

CISC-ND-001030

Severity Override Guidance

Review the Cisco switch configuration to verify that it synchronizes its clock with redundant authoritative time sources as shown in the example below:

ntp server x.x.x.x
ntp server y.y.y.y

If the Cisco switch is not configured to synchronize its clock with redundant authoritative time sources, this is a finding.

Check Content Reference

M

Target Key

4069

Comments