Title

The UEM server must use host operating system clocks to generate time stamps for audit records. (Cat II impact)

Discussion

Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for the time, forensic analysis would be impeded. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. If the internal clock is not used, the system may not be able to provide time stamps for log messages. Additionally, externally generated time stamps may not be accurate. Applications can use the capability of an operating system or purpose-built module for this purpose. Satisfies: OE.TIMESTAMP, FAU_GEN.1.2(1)

Check Content

Verify the UEM server uses host operating system clocks to generate time stamps for audit records. If the UEM server does not use host operating system clocks to generate time stamps for audit records, this is a finding

Fix Text

Configure the UEM server to use host operating system clocks to generate time stamps for audit records.

Additional Identifiers

Rule ID: SV-234340r960927_rule

Vulnerability ID: V-234340

Group Title: SRG-APP-000116

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.