Check: SRG-OS-000359-GPOS-00146
General Purpose Operating System SRG:
SRG-OS-000359-GPOS-00146
(in versions v3 r1 through v1 r6)
Title
The operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). (Cat III impact)
Discussion
If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the operating system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.
Check Content
Verify the operating system records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). If it does not, this is a finding.
Fix Text
Configure the operating system to record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
Additional Identifiers
Rule ID: SV-203714r958788_rule
Vulnerability ID: V-203714
Group Title: SRG-OS-000359
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001890 |
Record time stamps for audit records that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp. |
Controls
| Number | Title |
|---|---|
| AU-8 |
Time Stamps |