STIGQter: STIG Summary: Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

AAA Services must be configured to use at least two NTP servers to synchronize time.

DISA Rule

SV-95593r1_rule

Vulnerability Number

V-80883

Group Title

SRG-APP-000516-AAA-000350

Rule Version

SRG-APP-000516-AAA-000350

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001891 - The information system compares internal information system clocks on an organization-defined frequency with an organization-defined authoritative time source.

Weight

10

Fix Recommendation

Configure AAA Services to use two separate NTP servers. Both a primary and backup NTP server must be identified in the configuration.

Check Contents

Verify AAA Services are configured to use at least two NTP servers to synchronize time. Both a primary and backup NTP server must be identified in the configuration. AAA Services may leverage the capability of an operating system.

If AAA Services are not configured to use at least two separate NTP servers, this is a finding.

Vulnerability Number

V-80883

Documentable

False

Rule Version

SRG-APP-000516-AAA-000350

Severity Override Guidance

Verify AAA Services are configured to use at least two NTP servers to synchronize time. Both a primary and backup NTP server must be identified in the configuration. AAA Services may leverage the capability of an operating system.

If AAA Services are not configured to use at least two separate NTP servers, this is a finding.

Check Content Reference

M

Target Key

3357

Comments