RFC 3871           Operational Security Requirements      September 2004

   Justification.

      Accurate time is important to the generation of reliable log data.

      Accurate time is also important to the correct operation of some

      authentication mechanisms.

   Examples.

      This requirement may be satisfied by supporting Network Time

      Protocol (NTP), Simple Network Time Protocol (SNTP), or via direct

      connection to an accurate time source.

   Warnings.

      System clock chips are inaccurate to varying degrees.  System time

      should not be relied upon unless it is regularly checked and

      synchronized with a known, accurate external time source (such as

      an NTP stratum 1 server).  Also note that if network time

      synchronization is used, an attacker may be able to manipulate the

      clock unless cryptographic authentication is used.

2.11.6.  Display Timezone And UTC Offset

   Requirement.

      All displays and logs of system time MUST include a timezone or

      offset from UTC.

   Justification.

      Knowing the timezone or UTC offset makes correlation of data and

      coordination with data in other timezones possible.

   Examples.

      Bob is in Newfoundland, Canada which is UTC  3:30.  Alice is

      somewhere in Indiana, USA.  Some parts of Indiana switch to

      daylight savings time while others do not.  A user on Bob's

      network attacks a user on Alice's network.  Both are using logs

      with local timezones and no indication of UTC offset.  Correlating

      these logs will be difficult and error prone.  Including timezone,

      or better, UTC offset, eliminates these difficulties.

   Warnings.

      None.

Jones                        Informational                     [Page 51]