[168923] in North American Network Operators' Group
Re: Need trusted NTP Sources
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Thu Feb 6 14:26:21 2014
In-Reply-To: <CABL6YZQsztM_FpCtuXFoaGhrm8r1f8baa3SyQB3JU1ftPGv47g@mail.gmail.com>
From: Jimmy Hess <mysidia@gmail.com>
Date: Thu, 6 Feb 2014 13:25:47 -0600
To: jamie rishaw <j@arpa.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Feb 6, 2014 at 8:28 AM, jamie rishaw <j@arpa.com> wrote:
> PCI DSS only requires that all clocks be synchronized; It doesn't
> /require/ "how".
>
If you read requirement 10.4 more carefully, you will find that it Does
require that time
be synchronized from an INDUSTRY ACCEPTED external time source.
The GPS reference clock, a radio timecode receiver, receiving NIST or USNO,
Microsoft's time source (time.windows.com),
Redhat's time source, various univerisities and other public time servers
listed on NTP.org,
the NIST time servers listed here:
http://tf.nist.gov/tf-cgi/servers.cgi
Are among the INDUSTRY ACCEPTED external time sources.
This is not an exhaustive enumeration of industry-accepted external time
sources.
--
-JH
