{"description": "The system should be configured to use time servers that support Network Time Security (NTS).\nThe specified time server must support NTS and must be configured to use NTS.\nTo configure NTS for a given time server, add <tt>nts</tt> to each <tt>server</tt> or <tt>pool</tt> line in <tt>/etc/chrony/chrony.conf</tt>.", "rationale": "Network Time Security (NTS) uses Transport Layer Security (TLS) to secure Network Time Protocol (NTP) communications.\nNot using NTS could allow an attacker to interpret and modify the data sent back from the time server.\nInaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis.\nDetermining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.\nSources outside the configured acceptable allowance (drift) may be inaccurate.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must use encryption for NTP communications.", "vuldiscussion": "", "checktext": "Verify that Ubuntu 22.04 uses encryption for NTP communications.\n\n$ sudo grep nts /etc/ntp.conf /etc/chrony.conf\n\nserver [ntp.server.name] iburst maxpoll 10 nts\n\nIf \"nts\" is commented out or is missing, this is a finding.", "fixtext": "Configure Ubuntu 22.04 to use encryption for NTP communications.\n\nserver [ntp.server.name] iburst maxpoll 10 nts"}}, "platform": null, "platforms": ["package[chrony]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_chrony"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": 
{}, "title": "Configure Time Service to use NTS", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ntp/chrony_set_nts/rule.yml", "template": null}