SM-03 Incident & Security Monitoring

Time Synchronisation (NTP)

Log timestamps are reliable for forensics.

Domain: Incident & Security Monitoring
Control type: Preventive
Automated / manual: Automated
Frequency: Continuous
Framework reference: MAS Cyber Hygiene

What good looks like

System clocks synchronised to a reliable source across critical systems.

Risk if it fails

Unreliable timestamps hinder investigation.

How Tess tests it

2 tests — each concludes only on cited evidence.

Time-sync standard defined

Design

Procedure: Inspect the standard.
Expected: Reliable source defined.
Sample: 1 (design inspection)
Evidence: NTP configuration evidence.

NTP active on critical systems

Operating

Procedure: Inspect NTP config.
Expected: Synchronised.
Sample: 25 (or full config inspection)
Evidence: NTP configuration evidence.

Evidence Tess looks for

NTP configuration evidence.

More in Incident & Security Monitoring

SM-01 Logging Standard & Retention SM-02 Access & Privileged Activity Logging SM-04 Security Alerting & Anomaly Monitoring SM-05 Endpoint Protection (EDR)

Want Tess to test SM-03 against your evidence?