PCI DSS only requires that all clocks be synchronized; It doesn't /require/ "how".
If you have servers getting time from external sources (authenticated always a plus) and peering with each other internally, then you comply with PCI DSS 2.0 (3.0 has no changes to this that I'm aware of). OTOH, I'm surprised nobody has mentioned http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html -j On Thu, Feb 6, 2014 at 6:53 AM, Notify Me <notify.s...@gmail.com> wrote: > Raspberries! Not common currency here either, but let's see! > grateful for all the input and responses, this list is amazing as usual. > > On Thu, Feb 6, 2014 at 1:41 PM, Aled Morris <al...@qix.co.uk> wrote: >> On 6 February 2014 12:30, Martin Hotze <m.ho...@hotze.com> wrote: >> >>> > I'm trying to help a company I work for to pass an audit, and we've >>> > been told we need trusted NTP sources (RedHat doesn't cut it). Being >>> > located in Nigeria, Africa, >>> >> [...] >> >>> So build your own stratum 1 server (maybe a second one with DCF77 or >>> whatever you can use for redundancy), >>> >> >> I don't think DCF77 is going to reach Nigeria. >> >> Aled > -- jamie rishaw // .com.arpa@j <- reverse it. ish. "Reality defeats prejudice." - Rep. Barney Frank
