The Nokia router must be configured to authenticate Network Time Protocol (NTP) sources using authentication with a Federal Information Processing Standard (FIPS)-compliant algorithm.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-283781 | NOKI-ND-000710 | SV-283781r1203388_rule | CCI-001967 | medium |
| Description | ||||
| If NTP is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can be used to send incorrect time information to network devices, which will make log timestamps inaccurate and affect scheduled actions. NTP authentication is used to prevent such tampering by authenticating the time source. | ||||
| STIG | Date | |||
| Nokia Service Router OS 25.x Network Device Management Security Technical Implementation Guide | 2026-06-15 | |||
Details
Check Text (C-283781r1203388_chk)
Review the Nokia router configuration to determine if the Nokia router authenticates NTP endpoints before establishing a local, remote, or network connection using authentication that is cryptographically based.
Using the command below, verify NTP server "Admin status" and "Oper status" are listed and "Auth Check" is enabled.
- show system ntp detail
NTP Status
Configured : Yes Stratum : 3
Admin Status : up Oper Status : up
Server Enabled : No Server Authenticate : No
Clock Source : 10.1.0.158
Auth Check : Yes
Auth Keychain : test
Auth Errors : 0 Auth Errors Ignored : 0
Auth Key Id Errors : 0 Auth Key Type Errors : 0
Current Date & Time: 2025/11/12 02:19:32 UTC
NOTE: Nokia router is limited to MD-5 for NTP authentication and incurs a permanent finding as it is not FIPS compliant. MD-5 partially reduces the risk but cannot fully mitigate it.
If the Nokia router does not authenticate NTP sources using authentication that is cryptographically based, this is a finding.
Fix Text (F-88251r1203387_fix)
Configure the Nokia router to authenticate NTP sources using authentication that is cryptographically based.
Configure NTP for authentication with MD-5, as shown in the example below:
- configure system time ntp server <NTP server ip address> authentication-key <key id> key <key> type message-digest