Check: ESXI-65-000046
VMware vSphere 6.5 ESXi STIG:
ESXI-65-000046
(in versions v2 r4 through v1 r1)
Title
The ESXi host must configure NTP time synchronization. (Cat II impact)
Discussion
To assure the accuracy of the system clock, it must be synchronized with an authoritative time source within DoD. Many system functions, including time-based login and activity restrictions, automated reports, system logs, and audit records depend on an accurate system clock. If there is no confidence in the correctness of the system clock, time-based functions may not operate as intended and records may be of diminished value.
Check Content
From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Time Configuration. Click Edit to verify the configured NTP servers and service startup policy. or From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHost | Get-VMHostNTPServer Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon"} If the NTP service is not configured with authoritative DoD time sources and the service is not configured to start and stop with the host and is running, this is a finding.
Fix Text
From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Time Configuration. Click Edit to configure the NTP service to start and stop with the host and with authoritative DoD time sources. or From a PowerCLI command prompt while connected to the ESXi host run the following command: $NTPServers = "ntpserver1","ntpserver2" Get-VMHost | Add-VMHostNTPServer $NTPServers Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon"} | Set-VMHostService -Policy On Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon"} | Start-VMHostService
Additional Identifiers
Rule ID: SV-207647r878143_rule
Vulnerability ID: V-207647
Group Title: SRG-OS-000355-VMM-001330
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001891 |
The information system compares internal information system clocks on an organization-defined frequency with an organization-defined authoritative time source. |
Controls
Number | Title |
---|---|
AU-8 (1) |
Synchronization With Authoritative Time Source |