Title

The operating system must record time stamps for audit records that meet a minimum granularity of one second for a minimum degree of precision. (Cat II impact)

Discussion

Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the operating system include date and time. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks. Satisfies: SRG-OS-000358-GPOS-00145

Check Content

Verify the operating system records time stamps for audit records that meet a minimum granularity of one second for a minimum degree of precision. If it does not, this is a finding. FreeBSD has millisecond level auditing by default, but to verify against the current audit log: $ praudit /var/audit/*.not_terminated | head -n 20

Fix Text

Configure the operating system to record time stamps for audit records that meet a minimum granularity of one second for a minimum degree of precision.

Additional Identifiers

Rule ID:

Vulnerability ID: V-1450

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.