In article <[email protected]>, Fran <[email protected]> wrote:
> Do you know of any DISA IA approved COTS NTP servers ? DidnĀ¹t see any > in the approved products lists at http://iase.disa.mil/common/index.html > > Or, have you configured/tested a COTS NTP server to pass STIG tests ? > > Thanks, > > Fran > > STIG: http://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide I don't recall that there are any STIGs for NTP timeservers, which are based on small dedicated-mode computers running the NTP daemon under some kind of RTOS kernel. Most timeservers support at least DAC (username and password), but I don't know of any that have been evaluated to a protection profile. Which specific 8500.2 IA Controls (other than those that call out STIGs and SRGs) are you responding to? What is the threat? Joe Gwinn
_______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
