Title

The application must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. (Cat II impact)

Discussion

Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the application include date and time. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks.

Check Content

Review the system documentation and interview the application administrator to determine where application audit logs are written and how time stamps are recorded. If the application utilizes the underlying OS for time stamping and time synchronization when writing the audit logs, this requirement is not applicable. Access and review log files over a period of at least 10 minutes; compare time stamps written in the application log to the system clock to ensure time is synchronized to within 1 second of precision. If the application audit log time stamps differ from the OS time source by more than one second, this is a finding.

Fix Text

Configure the application to leverage the underlying operating system as the time source when recording time stamps or design the application to ensure granularity of 1 second as the minimum degree of precision.

Additional Identifiers

Rule ID: SV-222499r879748_rule

Vulnerability ID: V-222499

Group Title: SRG-APP-000375

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.