Automation Controller must compare internal application server clocks at least every 24 hours with an authoritative time source.

STIG ID: APAS-AT-000093  |  SRG: SRG-APP-000371-AS-000077 |  Severity: medium |  CCI: CCI-004923,CCI-004926 |  Vulnerability Id: V-256909 | 

Vulnerability Discussion

When conducting forensic analysis and investigating system events, it is critical that timestamps accurately reflect the time of application events. If timestamps are not deemed to be accurate, the integrity of the forensic analysis and the associated determinations are at stake. This leaves the organization and the system vulnerable to intrusions.

Satisfies: SRG-APP-000371-AS-000077, SRG-APP-000372-AS-000212

Check

As a system administrator for each Automation Controller host, ensure the NTP client is configured to synchronize to an organizationally defined NTP server:

chronyc sources

If the Automation Controller host is not configured to use an organizationally defined NTP server, this is a finding.

Ensure the NTP time synchronization is operational:

chronyc activity | head -n 1 | grep "200 OK" >/dev/null || echo "FAILED"
sudo systemctl is-active chrony > /dev/null|| echo "FAILED"

If "FAILED" is displayed, this is a finding.

Fix

As a system administrator, for each Automation Controller host, configure the NTP client to synchronize to an organizationally defined NTP server:

vi /etc/chrony.conf

Restart the Automation Controller host:

$ shutdown -r