10.4 Obtain and review the process for acquiring and distributing the correct time within the organization, as well as the time-related system-parameter settings for a sample of system components, critical servers, and wireless access points. Verify the following is included in the process and implemented:
10.4.a Verify that NTP or similar technology is used for time synchronization
10.4.b Verify that internal servers are not all receiving time signals from external sources. [Two or three central time servers within the organization receive external time signals [directly from a special radio, GPS satellites, or other external sources based on International Atomic Time and UTC (formerly GMT)], peer with each other to keep accurate time, and share the time with other internal servers.]
10.4.c Verify that the Network Time Protocol (NTP) is running the most recent version
10.4.d Verify that specific external hosts are designated from which the time servers will accept NTP time updates (to prevent an attacker from changing the clock). Optionally, those updates can be encrypted with a symmetric key, and access control lists can be created that specify the IP addresses of client machines that will be provided with the NTP service (to prevent unauthorized use of internal time servers).
See www.ntp.org for more information
[PCI DSS 1.x] 10.4 Synchronize all critical system clocks and times
[READ-ONLY] Archives
[RETIRED] PCI DSS v.1.x Questions and Answers
Regularly Monitor and Test Networks