AU.L2-3.3.7: Authoritative Time Source for CMMC Level 2
Accurate audit timestamps are foundational to compliance investigations and incident response. CMMC control AU.L2-3.3.7 requires your systems to synchronize with an authoritative time source so every audit record carries a verifiable, consistent timestamp. Without proper time synchronization, your audit trail loses legal weight and forensic value.
What this means
This control mandates that your organization implement a system-wide capability to compare and synchronize internal system clocks against an authoritative external time source (such as NTP servers or government time services). Every audit record must be timestamped using this synchronized time. This ensures that audit logs across multiple systems remain chronologically consistent, enabling accurate incident reconstruction and meeting regulatory audit requirements.
How to comply
- 1.Identify and designate an authoritative time source (e.g., NTP server, NIST time service, or GPS time receiver)
- 2.Configure all systems and devices to synchronize clocks with the authoritative source at regular intervals (typically hourly or more frequent)
- 3.Document the synchronization method, frequency, and tolerance thresholds for clock drift
- 4.Implement monitoring to detect and alert when system clocks drift beyond acceptable ranges
- 5.Validate that all audit logging systems use the synchronized time for record timestamps
- 6.Test failover procedures if the primary authoritative source becomes unavailable
- 7.Maintain audit records showing successful synchronization events and any clock correction actions
Evidence auditors look for
- NTP server configuration files showing authoritative time source addresses and sync intervals
- System clock synchronization logs demonstrating regular successful syncs
- Network monitoring showing NTP traffic to designated time servers
- Audit logs with timestamps that align across multiple systems
- Documentation of maximum acceptable clock drift and remediation procedures
- Alerts and incident records showing detection and resolution of clock synchronization failures
- Screenshots of system settings confirming automatic time synchronization is enabled
- Backup time source configuration for disaster recovery scenarios
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch automates NTP configuration validation, monitors synchronization status across your infrastructure, and generates compliance evidence reports showing continuous time source alignment—eliminating manual clock audits and timestamp discrepancies during CMMC assessments.
See how GRCWatch handles this control automatically
Start free trial