Title

The system is configured to use an unauthorized time server. (Cat III impact)

Discussion

The Windows Time Service controls time synchronization settings. Time synchronization is essential for authentication and auditing purposes. If the Windows Time Service is used, it should synchronize with a secure, authorized time source. Domain joined systems are automatically configured to synchronize with domain controllers. If an NTP server is configured it should synchronize with a secure, authorized time source.

Check Content

Fix Text

If the system needs to be configured to an NTP server, configure the system to point to an authorized time server by setting the policy value for Computer Configuration -> Administrative Templates -> System -> Windows Time Service -> Time Providers “Configure Windows NTP Client” to “Enabled”, and configure the “NtpServer” field to point to an authorized time server.

Additional Identifiers

Rule ID: SV-25174r1_rule

Vulnerability ID: V-3472

Group Title: Windows Time Service - Configure NTP Client

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.