NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-36(2)Synchronization

Synchronize the following duplicate systems or system components: {{ insert: param, sc-36.02_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

[SC-36](#sc-36) and [CP-9(6)](#cp-9.6) require the duplication of systems or system components in distributed locations. The synchronization of duplicated and redundant services and data helps to ensure that information contained in the distributed locations can be used in the mission or business functions of organizations, as needed.

Practitioner Notes

Ensure distributed processing components stay synchronized — data and configurations must be consistent across all locations.

Example 1: Configure Active Directory replication monitoring to alert on replication failures between domain controllers. Use "repadmin /replsummary" regularly and forward results to your SIEM. Replication failures could indicate network issues or an attack on AD.

Example 2: For distributed databases, use synchronous replication for critical transaction data and configure alerts for replication lag. If the replica falls more than a few seconds behind, investigate immediately — it could indicate a network attack or infrastructure failure.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability