NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-8(1)Synchronization with Authoritative Time Source

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Synchronize with an authoritative time source — meaning a trusted, accurate reference like NIST, GPS, or a stratum-1 NTP server. Your clocks should all agree.

Example 1: Configure your primary domain controller (the one holding the PDC Emulator FSMO role) to sync with time.nist.gov or us.pool.ntp.org. Run: w32tm /config /manualpeerlist:"time.nist.gov" /syncfromflags:MANUAL /reliable:YES /update. All other domain members automatically sync from the DC hierarchy.

Example 2: For air-gapped or isolated networks, deploy a GPS-based NTP server (like a Meinberg or Microsemi appliance). The GPS receiver provides stratum-1 time accuracy without needing internet access. Configure all systems on the isolated network to sync from this local GPS time server.

More Audit and Accountability Controls

AU-1 Policy and Procedures AU-2 Event Logging AU-2(1) Compilation of Audit Records from Multiple Sources AU-2(2) Selection of Audit Events by Component