NIST 800-171 • LEVEL 2 • AUDIT AND ACCOUNTABILITY
3.3.9 — Provide a System Capability That Compares and Synchronizes Internal System Clocks
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
Assessment Objectives
Assessment objectives not available for this requirement.
Practitioner Notes
This builds on the timestamps requirement — your systems need a way to actively compare their clocks to an authoritative source and correct any drift. Without this, clocks drift over time and your logs become unreliable for investigations.
Example 1: On your Windows domain, verify that the PDC Emulator is syncing to an authoritative external source. Run w32tm /query /configuration and confirm the NTPServer is set to a trusted source (e.g., time.nist.gov). Then run w32tm /monitor on several domain workstations to verify they are all within 1 second of the PDC. Document the results and check quarterly.
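One way to turn the Example 1 check into a repeatable record, as an added example (not part of the original notes): the PowerShell below parses w32tm /monitor output and flags any host whose offset from the PDC exceeds 1 second or that returned no NTP offset. The host names, addresses and sample output are constructed, and Get-ClockOffsetReport is a hypothetical helper name.

```powershell
# Constructed sample of `w32tm /monitor` output (hypothetical hosts and addresses).
# On a real domain member, replace it with:  $lines = w32tm /monitor
$sample = @'
dc01.example.test *** PDC ***[10.0.0.10:123]:
    ICMP: 0ms delay
    NTP: +0.0000000s offset from dc01.example.test
        RefID: time.nist.gov [192.0.2.10]
        Stratum: 2
dc02.example.test[10.0.0.11:123]:
    ICMP: 1ms delay
    NTP: -0.0412207s offset from dc01.example.test
        RefID: dc01.example.test [10.0.0.10]
        Stratum: 3
dc03.example.test[10.0.0.12:123]:
    ICMP: 1ms delay
    NTP: +2.7310054s offset from dc01.example.test
        RefID: 'LOCL' [0x4C434F4C]
        Stratum: 1
dc04.example.test[10.0.0.13:123]:
    ICMP: error IP_REQ_TIMED_OUT - no response in 1000ms
    NTP: error ERROR_TIMEOUT - no response from server in 1000ms
'@
$lines = $sample -split '\r?\n'

function Get-ClockOffsetReport {
    param([string[]]$Lines, [double]$MaxOffsetSeconds = 1.0)
    $current = $null
    foreach ($line in $Lines) {
        # Host header lines start in column 0: "name[ip:port]:" (PDC is marked).
        if ($line -match '^(?<name>\S+?)(?: \*\*\* PDC \*\*\*)?\s*\[[^\]]+\]:') {
            $current = $Matches['name']
        }
        elseif ($current -and $line -match '^\s+NTP:') {
            # An NTP line with no numeric offset (e.g. a timeout) counts as a failure.
            $offset = $null
            if ($line -match '(?<off>[+-]\d+\.\d+)s offset') {
                $offset = [double]::Parse($Matches['off'], [cultureinfo]::InvariantCulture)
            }
            [pscustomobject]@{
                CheckedUtc    = (Get-Date).ToUniversalTime().ToString('s') + 'Z'
                Computer      = $current
                OffsetSeconds = $offset
                WithinLimit   = ($null -ne $offset) -and ([math]::Abs($offset) -le $MaxOffsetSeconds)
            }
            $current = $null
        }
    }
}

Get-ClockOffsetReport -Lines $lines | Format-Table -AutoSize
```

With the sample above, dc03 (2.73 seconds off, using its local clock as reference) and dc04 (no NTP response) are reported with WithinLimit set to False. Piping the result to Export-Csv instead of Format-Table gives a dated artifact for the quarterly check.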
Example 2: For network devices like switches and firewalls, configure two NTP sources for redundancy. On a Cisco switch, enter: ntp server 10.0.0.1 prefer and ntp server time.nist.gov. Verify with show ntp status and confirm the clock is synchronized. On a Palo Alto firewall, go to Device → Setup → Services → NTP, add a primary and secondary server, and verify sync under Dashboard → General Information → NTP status.