The macOS system must be configured to use an authorized time server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259450 | APPL-14-000170 | SV-259450r1038944_rule | CCI-004923 | medium |
| Description | ||||
| Approved time servers must be the only servers configured for use. This rule ensures the uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. An authoritative time server is synchronized with redundant United States Naval Observatory (USNO) time servers as designated for the appropriate DOD network. Satisfies: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144 | ||||
| STIG | Date | |||
| Apple macOS 14 (Sonoma) Security Technical Implementation Guide | 2024-12-04 | |||
Details
Check Text (C-259450r1038944_chk)
Verify the macOS system is configured to use an authorized time server with the following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\
.objectForKey('timeServer').js
EOS
If the result is not an authoritative time server which is synchronized with redundant USNO time servers as designated for the appropriate DOD network, this is a finding.
Fix Text (F-63097r940971_fix)
Configure the macOS system to use an authorized time server by installing the "com.apple.MCX" configuration profile.