Jose Munoz asks: >Is a must to use a NTP server for PCI-DSS compliance? I'm not sure I entirely understand the question, but I'll try to answer. PCI-DSS incorporates a concept called "trusted time." It also seeks to make sure that all critical systems have the correct and consistent time.
My understanding is that PCI-DSS is not explicit about time *protocols*. If your particular implementation of NTP addresses the requirements, great. For example, zEnterprise can be an NTP client to an External Time Source (ETS) via the Server Time Protocol (STP) feature. NTP authentication is supported. To maintain correctness and consistency, zEnterprise can then act as the authoritative NTP server to other systems. Subject to some other implementation details, that pattern is consistent with PCI-DSS practices. But other protocols and/or patterns might be as well. -------------------------------------------------------------------------------------------------------- Timothy Sipples GMU VCT Architect Executive (Based in Singapore) E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
