NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-45(2)Secondary Authoritative Time Source

Identify a secondary authoritative time source that is in a different geographic region than the primary authoritative time source; and Synchronize the internal system clocks to the secondary authoritative time source if the primary authoritative time source is unavailable.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

It may be necessary to employ geolocation information to determine that the secondary authoritative time source is in a different geographic region.

Practitioner Notes

Maintain a secondary authoritative time source as a backup in case your primary time source becomes unavailable.

Example 1: Configure your NTP clients with at least two NTP servers — your primary internal time server and a secondary. If the primary fails, clients automatically fall back to the secondary without losing synchronization.

Example 2: Use multiple upstream NTP sources for your internal time servers. Configure them with both time.nist.gov and time.windows.com as upstream sources. The NTP algorithm selects the most accurate source and fails over automatically if one becomes unreachable.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability