last sync: 2024-Oct-11 17:51:27 UTC

Use system clocks for audit records | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Use system clocks for audit records
Id 1ee4c7eb-480a-0007-77ff-4ba370776266
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_0535 - Use system clocks for audit records
Additional metadata Name/Id: CMA_0535 / CMA_0535
Category: Operational
Title: Use system clocks for audit records
Ownership: Customer
Description: Microsoft recommends that your organization use internal system clocks to generate time stamps for audit records. Your organization should consider creating and maintaining Audit and Accountability policies and standard operating procedures that govern the configuration of systems connected to your environment by requiring them to maintain synchronization of their time with an authoritative time source. Learn More: Windows Time for Traceability - https://aka.ms/AA9ytvm https://docs.microsoft.com/azure/virtual-machines/windows/time-sync#:~:text=Azure%20hosts%20are%20synchronized%20to%20internal%20Microsoft%20time,a%20time%20server%2C%20or%20a%20combination%20of%20both.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 14 compliance controls are associated with this Policy definition 'Use system clocks for audit records' (1ee4c7eb-480a-0007-77ff-4ba370776266)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 AU-8 FedRAMP_High_R4_AU-8 FedRAMP High AU-8 Audit And Accountability Time Stamps Shared n/a The information system: a. Uses internal system clocks to generate time stamps for audit records; and b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement]. Supplemental Guidance: Time stamps generated by the information system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. Related controls: AU-3, AU-12. References: None. link 1
FedRAMP_High_R4 AU-8(1) FedRAMP_High_R4_AU-8(1) FedRAMP High AU-8 (1) Audit And Accountability Synchronization With Authoritative Time Source Shared n/a The information system: (a) Compares the internal information system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]; and (b) Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period]. Supplemental Guidance: This control enhancement provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. link 1
FedRAMP_Moderate_R4 AU-8 FedRAMP_Moderate_R4_AU-8 FedRAMP Moderate AU-8 Audit And Accountability Time Stamps Shared n/a The information system: a. Uses internal system clocks to generate time stamps for audit records; and b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement]. Supplemental Guidance: Time stamps generated by the information system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. Related controls: AU-3, AU-12. References: None. link 1
FedRAMP_Moderate_R4 AU-8(1) FedRAMP_Moderate_R4_AU-8(1) FedRAMP Moderate AU-8 (1) Audit And Accountability Synchronization With Authoritative Time Source Shared n/a The information system: (a) Compares the internal information system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]; and (b) Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period]. Supplemental Guidance: This control enhancement provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. link 1
hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 12 Audit Logging & Monitoring 1210.09aa3System.3-09.aa 09.10 Monitoring Shared n/a All disclosures of covered information within or outside of the organization are logged including type of disclosure, date/time of the event, recipient, and sender. 11
ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Operations Security Clock Synchronization Shared n/a The clocks of all relevant information processing systems within an organization or security domain shall be synchronized to a single reference time source. link 8
mp.info.4 Time stamps mp.info.4 Time stamps 404 not found n/a n/a 33
NIST_SP_800-171_R2_3 .3.7 NIST_SP_800-171_R2_3.3.7 NIST SP 800-171 R2 3.3.7 Audit and Accountability Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records Shared Microsoft and the customer share responsibilities for implementing this requirement. Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. This requirement provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network. See [IETF 5905]. link 1
NIST_SP_800-53_R4 AU-8 NIST_SP_800-53_R4_AU-8 NIST SP 800-53 Rev. 4 AU-8 Audit And Accountability Time Stamps Shared n/a The information system: a. Uses internal system clocks to generate time stamps for audit records; and b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement]. Supplemental Guidance: Time stamps generated by the information system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. Related controls: AU-3, AU-12. References: None. link 1
NIST_SP_800-53_R4 AU-8(1) NIST_SP_800-53_R4_AU-8(1) NIST SP 800-53 Rev. 4 AU-8 (1) Audit And Accountability Synchronization With Authoritative Time Source Shared n/a The information system: (a) Compares the internal information system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]; and (b) Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period]. Supplemental Guidance: This control enhancement provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. link 1
NIST_SP_800-53_R5 AU-8 NIST_SP_800-53_R5_AU-8 NIST SP 800-53 Rev. 5 AU-8 Audit and Accountability Time Stamps Shared n/a a. Use internal system clocks to generate time stamps for audit records; and b. Record time stamps for audit records that meet [Assignment: organization-defined granularity of time measurement] and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp. link 1
op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found n/a n/a 67
PCI_DSS_v4.0 10.6.1 PCI_DSS_v4.0_10.6.1 PCI DSS v4.0 10.6.1 Requirement 10: Log and Monitor All Access to System Components and Cardholder Data Time-synchronization mechanisms support consistent time settings across all systems Shared n/a System clocks and time are synchronized using time-synchronization technology. link 1
PCI_DSS_v4.0 10.6.2 PCI_DSS_v4.0_10.6.2 PCI DSS v4.0 10.6.2 Requirement 10: Log and Monitor All Access to System Components and Cardholder Data Time-synchronization mechanisms support consistent time settings across all systems Shared n/a Systems are configured to the correct and consistent time as follows: • One or more designated time servers are in use. • Only the designated central time server(s) receives time from external sources. • Time received from external sources is based on International Atomic Time or Coordinated Universal Time (UTC). • The designated time server(s) accept time updates only from specific industry-accepted external sources. • Where there is more than one designated time server, the time servers peer with one another to keep accurate time. • Internal systems receive time information only from designated central time server(s). link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 1ee4c7eb-480a-0007-77ff-4ba370776266
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC