The clocks of information processing systems used by the organisation should be synchronised to approved time sources.
Clock synchronisation in information security refers to the process of ensuring that the clocks on different systems and devices within a network are accurate and in sync with each other.
This is important for several reasons, and the following points should be considered:
- Log correlation: When logs are collected from multiple systems and devices, it is essential that the timestamps on the logs are accurate and consistent in order to be able to correlate events and identify potential security incidents.
- Time-based access controls: Many systems and applications use time-based access controls, such as login time restrictions or expiration of digital certificates, so accurate time synchronisation is necessary to ensure that these controls are enforced correctly.
- Compliance: Many regulatory requirements, such as PCI-DSS, mandate accurate time synchronisation across systems and devices in order to maintain an accurate record of system activity.
- Forensics: In the event of a security incident, accurate time synchronisation is essential for incident response and forensic investigations, to understand the chronology of events and identify the cause of the incident.
- Network protocols: Many network protocols, such as Kerberos, SNMP, and NTP, rely on accurate time synchronisation to function correctly and to ensure secure communication.

There are several methods to synchronise clocks, such as Network Time Protocol (NTP), Simple Network Time Protocol (SNTP), Precision Time Protocol (PTP) and GPS. It is important to have a well-defined clock synchronisation plan in place and to ensure that the time synchronisation method used is accurate, efficient, and compliant with regulatory requirements.
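The log correlation and forensics points above can be seen in a short added example (not part of the original page): it merges logs from three hosts into one UTC timeline, first as recorded and then corrected for each host's measured clock offset. The host names, log lines, offsets and tolerance are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample log lines: (host, ISO 8601 local timestamp, message).
LOGS = [
    ("fw01",  "2024-03-01T10:00:05+00:00", "ALLOW tcp 203.0.113.7 -> 10.0.0.5:22"),
    ("app01", "2024-03-01T11:00:00+01:00", "sshd: Accepted password for svc_backup"),
    ("app01", "2024-03-01T11:00:03+01:00", "sudo: svc_backup : COMMAND=/usr/bin/tar"),
    ("db01",  "2024-03-01T10:00:08+00:00", "login svc_backup from 10.0.0.5"),
]

# Assumed measured offsets in seconds (host clock minus approved time source).
# db01 has no measurement, so its timestamps cannot be verified.
OFFSETS = {"fw01": 0.2, "app01": -6.0}
TOLERANCE_S = 1.0  # assumed policy threshold, not taken from any standard


def timeline(logs, offsets=None):
    """Return events sorted by UTC time; apply per-host offsets when given."""
    events = []
    for host, stamp, msg in logs:
        # Normalise every timestamp to UTC before comparing across hosts.
        ts = datetime.fromisoformat(stamp).astimezone(timezone.utc)
        offset = (offsets or {}).get(host)
        if offset is not None:
            ts -= timedelta(seconds=offset)  # true time = local time - offset
        verified = offsets is not None and offset is not None
        events.append((ts, host, msg, verified))
    return sorted(events, key=lambda e: e[0])


def drifting_hosts(logs, offsets, tolerance=TOLERANCE_S):
    """Hosts whose clock is outside tolerance or was never measured."""
    hosts = {h for h, _, _ in logs}
    return sorted(h for h in hosts
                  if h not in offsets or abs(offsets[h]) > tolerance)


if __name__ == "__main__":
    for label, offs in (("as recorded", None), ("corrected", OFFSETS)):
        print(f"--- {label} ---")
        for ts, host, msg, ok in timeline(LOGS, offs):
            flag = "" if ok or offs is None else "  [clock unverified]"
            print(f"{ts.isoformat()} {host:6} {msg}{flag}")
    print("hosts to review:", drifting_hosts(LOGS, OFFSETS))
```

As recorded, the SSH login on app01 appears five seconds before the firewall allowed the connection; after correction the firewall event comes first, and db01 is flagged because its place in the sequence cannot be trusted.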