>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU-8Time Stamps

IL4 Mod
IL4 High
IL5
IL6

>Control Description

a

Use internal system clocks to generate time stamps for audit records; and

b

Record time stamps for audit records that meet organization-defined granularity of time measurement and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.

>DoD Impact Level Requirements

FedRAMP Parameter Values

AU-8 (b) [one second granularity of time measurement]

>Discussion

Time stamps generated by the system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks (e.g., clocks synchronizing within hundreds of milliseconds or tens of milliseconds).

Organizations may define different time granularities for different system components. Time service can be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities.

>Programmatic Queries

Beta

Related Services

CloudTrail
EC2
Amazon Time Sync Service

CLI Commands

Check CloudTrail event time format
aws cloudtrail lookup-events --max-results 1 --query 'Events[0].EventTime'
Verify instance time sync (SSM)
aws ssm send-command --instance-ids INSTANCE_ID --document-name 'AWS-RunShellScript' --parameters 'commands=["timedatectl status"]'
Check log event timestamps
aws logs filter-log-events --log-group-name LOG_GROUP --limit 1 --query 'events[0].timestamp'
List CloudWatch log timestamp format
aws logs describe-log-groups --query 'logGroups[0].creationTime'
Open AWS ConsoleDocumentation

>Related Controls

AU-3
AU-12
AU-14
SC-45

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AU-8 (Time Stamps)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AU-8?
  • How frequently is the AU-8 policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AU-8?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AU-8 requirements.
  • What automated tools, systems, or technologies are deployed to implement AU-8?
  • How is AU-8 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AU-8 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AU-8?
  • What audit logs, records, reports, or monitoring data validate AU-8 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AU-8 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AU-8 compliance?

Ask AI

Configure your API key to use AI features.