STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide, Version: 9, Release: 10, Benchmark Date: 24 Jan 2020

Two Network Time Protocol (NTP) servers must be deployed in the management network.

DISA Rule

SV-19152r2_rule

Vulnerability Number

V-17860

Group Title

Two NTP servers not implemented in mgmt network

Rule Version

NET0810

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Deploy and implement at least two NTP servers in the management network.

Check Contents

Review the network topology to determine that there are two NTP servers and what network they are connected to. Verify that they are both online according to the documented IP address.

Where possible, deploy multiple gateways with diverse paths to the NTP servers. An alternative design is to have one server connected to a reference clock and the other server referencing an external stratum-1 server. With this scenario, the NTP clients should be configured to prefer the stratum-1 server over the stratum-2 server.

The NTP servers should be configured to scale easily by creating a hierarchy of lower-level (stratum-2 to stratum-15) servers to accommodate the workload. The width and depth of the hierarchy depend on the number of NTP clients as well as the amount of redundancy that is required.

If two NTP servers have not been deployed in the management network, this is a finding.

Documentable

False

Severity Override Guidance

Review the network topology to determine that there are two NTP servers and what network they are connected to. Verify that they are both online according to the documented IP address.

Where possible, deploy multiple gateways with diverse paths to the NTP servers. An alternative design is to have one server connected to a reference clock and the other server referencing an external stratum-1 server. With this scenario, the NTP clients should be configured to prefer the stratum-1 server over the stratum-2 server.

The NTP servers should be configured to scale easily by creating a hierarchy of lower-level (stratum-2 to stratum-15) servers to accommodate the workload. The width and depth of the hierarchy depend on the number of NTP clients as well as the amount of redundancy that is required.

If two NTP servers have not been deployed in the management network, this is a finding.

Check Content Reference

M

Target Key

838