controls:
    -   id: SRG-OS-000055-GPOS-00026
        levels:
            - medium
        title: {{{ full_name }}} must use internal system clocks to generate time stamps
            for audit records.
        check: |-
            {{{ full_name }}} supports this requirement and cannot be configured to be out of compliance.
            {{{ full_name }}} inherently meets this requirement.
        fixtext: |-
            {{{ full_name }}} supports this requirement and cannot be configured to be out of compliance.
            {{{ full_name }}} inherently meets this requirement.
        status: inherently met
        mitigation: |-
            The "ausearch" tool manpage describes how it can be used to search for audit records based on their associated timestamps: http://man7.org/linux/man-pages/man8/ausearch.8.html.
        status_justification: |-
            The default setup of "rsyslogd" uses timestamps and the default setup of "chronyd" uses the system clock.
        description: {{{ full_name }}} must use internal system clocks to generate time stamps for audit records.
        rationale: |-
            Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for the time, forensic analysis would be impeded.
            Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.

            If the internal clock is not used, the system may not be able to provide time stamps for log messages.
            Additionally, externally generated time stamps may not be accurate.