OpenControls Logo

STIG Viewer

AOS must be configured to synchronize internal information system clocks using redundant authoritative time sources.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-266953ARBA-ND-000298SV-266953r1039880_ruleCCI-000366medium
Description
The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run mode) and increasingly inaccurate time stamps on audit events and other functions. Multiple time sources provide redundancy by including a secondary source. Time synchronization is usually a hierarchy; clients synchronize time to a local source while that source synchronizes its time to a more accurate source. The network device must use an authoritative time server and/or be configured to use redundant authoritative time sources. This requirement is related to the comparison done in CCI-001891. DOD-approved solutions consist of a combination of a primary and secondary time source using a combination or multiple instances of the following: a time server designated for the appropriate DOD network (NIPRNet/SIPRNet); United States Naval Observatory (USNO) time servers; and/or the Global Positioning System (GPS). The secondary time source must be located in a different geographic region than the primary time source.
STIGDate
HPE Aruba Networking AOS NDM Security Technical Implementation Guide2024-10-29

Related Frameworks

4 paths across 3 frameworks
NIST 800-531 mapping
CM-6
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
  • DISA · V1R1 · disa_xccdf · related

Details

Check Text (C-266953r1039880_chk)

Verify the AOS configuration with the following command: show ntp servers If at least two NTP servers are not configured, this is a finding.

Fix Text (F-70780r1039879_fix)

Configure AOS with the following commands: configure terminal ntp authentication-key (keyid #> sha1 <plaintext key> ntp trusted-key <keyid #> ntp server <first fqdn, ipv4, or ipv6 address> key <keyid #> ntp server <second fqdn, ipv4, or ipv6 address> key <keyid #> ntp authenticate write memory