My thoughts: My RHEL5/6 servers have only a single NTP server avail (which in turn receives time through GPS). It will just be an exception if "held to a higher standard".
VR,
Brian Peake

On 10/25/12 2:28 PM, "Jeffrey Blank" <bl...@eclipse.ncsc.mil> wrote:

>We will certainly have rules available to that end.
>
>The question is whether you want it encoded as part of a compliance
>enforcement regime for a wide variety of use cases. Previous consensus
>discussion indicated that a single NTP server in an enclave was common
>practice, but that that system (acting as an NTP server) commonly used
>multiple sources for time.
>
>What would you want to enforce on all systems, as that is our constraint?
>
>Perhaps we could consider how Windows does it, and then decide whether
>we want to hold other platforms to a higher standard.
>
>
>On 10/25/2012 01:02 PM, Joe Wulf wrote:
>> I second that motion.
>>
>> R,
>> -Joe
>>
>> *From:* Gary Gapinski <gapin...@nasa.gov>
>> *To:* scap-security-guide@lists.fedorahosted.org
>> *Sent:* Thursday, October 25, 2012 12:38 PM
>> *Subject:* NTP server(s)
>>
>> Dunno if this is worth a change or not, but the gentleman from
>> Raytheon mentioned that the older STIG recommended several NTP
>> servers.
>>
>> Having been burned personally by a shady NTP server, as well as a
>> shady local oscillator, best practice might be 3+ (to ensure
>> quorum).
>>
>> The current content (V-150) only requires that NTP be enabled (a
>> very good thing) and that there is at least one server. (better than
>> none).
>>
>> _______________________________________________
>> scap-security-guide mailing list
>> scap-security-guide@lists.fedorahosted.org
>> <mailto:scap-security-guide@lists.fedorahosted.org>
>> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
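
The two thresholds discussed in this thread (at least one configured NTP server versus three or more), as an added example that is not part of the original messages or of the SCAP Security Guide content. The function names, the sample file and the choice to skip 127.127.x.x reference-clock drivers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: count distinct network time sources in an ntp.conf-style
# file and compare the count against a minimum (1 vs. 3 in the thread).

# Write a constructed sample config: one enclave server listed twice,
# a local-clock driver, and a commented-out second server.
write_sample_conf() {
    cat > "$1" <<'EOF'
driftfile /var/lib/ntp/drift
server ntp1.example.com iburst   # enclave time server
server -4 NTP1.example.com
server 127.127.1.0               # local clock driver, not a network source
#server ntp2.example.com
EOF
}

# Print the number of distinct addresses named on "server" lines.
count_ntp_servers() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "server" && NF >= 2 {
            addr = $2
            if (addr == "-4" || addr == "-6") addr = $3   # address-family qualifier
            if (addr == "" || addr ~ /^127\.127\./) next  # skip refclock drivers
            seen[tolower(addr)] = 1                      # hostnames are case-insensitive
        }
        END { n = 0; for (a in seen) n++; print n }
    ' "$1"
}

# Return 0 when the file names at least $2 distinct servers, 1 when it
# names fewer, 2 when the file could not be read.
check_ntp_servers() {
    n=$(count_ntp_servers "$1") || return 2
    [ "$n" -ge "$2" ]
}
```

Called as `check_ntp_servers /etc/ntp.conf 3`, it fails on a host like the single-server enclave client described above, which is the case that would need a documented exception under a 3+ rule.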