Nutanix OS must configure redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279573 | NXAC-OS-000113 | SV-279573r1192434_rule | CCI-001890 | low |
| Description | ||||
| Nutanix OS must compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant USNO time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the GPS to synchronize clocks between NetIM components. Satisfies: SRG-OS-000359-GPOS-00146, SRG-OS-000785-GPOS-00250, SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144 | ||||
| STIG | Date | |||
| Nutanix Acropolis GPOS Security Technical Implementation Guide | 2026-02-24 | |||
Details
Check Text (C-279573r1192434_chk)
Verify Nutanix OS is using Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
1. Verify the "maxpoll" option is set to 16 or fewer and is not commented out using the following command.
$ sudo grep maxpoll /etc/chrony.conf
server 0.us.pool.ntp.mil maxpoll 10 iburst
2. Verify the "chrony.conf" file is configured to an authoritative DOD time source using the following command.
$ sudo grep -i server /etc/chrony.conf
server 0.us.pool.ntp.mil
If the parameter "server" is not set to an authoritative DOD time source, this is a finding.
Fix Text (F-84031r1192433_fix)
Run the following command to add a list of DOD-approved NTP servers.
$ ncli cluster add-to-ntp-servers servers=IP_1,IP_2,IP_3