10.4.1 Critical systems have the correct and consistent time.
10.4.1.a Examine the process for acquiring, distributing and storing the correct time within the organization to verify that:
• Only the designated central time server(s) receives time signals from external sources, and time signals from external sources are based on International Atomic Time or UTC.
• Where there is more than one designated time server, the time servers peer with one another to keep accurate time,
• Systems receive time information only from designated central time server(s).
10.4.1.b Observe the time-related system-parameter settings for a sample of system components to verify:
• Only the designated central time server(s) receives time signals from external sources, and time signals from external sources are based on International Atomic Time or UTC.
• Where there is more than one designated time server, the designated central time server(s) peer with one another to keep accurate time.
• Systems receive time only from designated central time server(s).
Time synchronization technology is used to synchronize clocks on multiple systems. When clocks are not properly synchronized, it can be difficult, if not impossible, to compare log files from different systems and establish an exact sequence of event (crucial for forensic analysis in the event of a breach). For post-incident forensics teams, the accuracy and consistency of time across all systems and the time of each activity is critical in determining how the systems were compromised.