An error occurred:

Check: AIOS-05-000002

Apple iOS 7 STIG: AIOS-05-000002 (in version v1 r2)

Title

Apple iOS must synchronize the internal clock at least once every 24 hours with an authoritative time server or the Global Positioning System. (Cat III impact)

Discussion

Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events. Periodically synchronizing internal clocks with an authoritative time source is needed in order to correctly correlate the timing of events that occur across the enterprise. The two authoritative time sources for mobile operating systems are an authoritative time server which is synchronized with redundant United States Naval Observatory (USNO) time servers as designated for the appropriate DoD network (NIPRNet or SIPRNet) or the Global Positioning System (GPS). Timestamps generated by the audit system in mobile operating systems shall include both date and time. The time may be expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.

Check Content

This check procedure is performed on the iOS device only. On the iOS device: 1. Open the Settings app. 2. Tap "General". 3. Tap "Date & Time". 4. Verify the phrase "Set Automatically" is toggled to the right and appears green. Note: When "Set Automatically" is turned on, the time is based off the carrier time clock which is assumed to be authoritative. If on the iOS device the "Set Automatically" is toggled to left and appears white, or if the date and time appear at the bottom of the screen, this is a finding.

Fix Text

Configure Apple iOS to synchronize the internal clock on an organizationally-defined periodic basis with an authoritative time server or the Global Positioning System. On the iOS device: 1. Open the Settings app. 2. Tap "General". 3. Tap "Date & Time". 4. Toggle "Set Automatically" to the right, so it appears green.

Additional Identifiers

Rule ID:

Vulnerability ID: V-43228

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000160

The information system synchronizes internal information system clocks on an organization-defined frequency with an organization-defined authoritative time source.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check