AU.L2-3.3.7 — Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

What this control requires

Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

Source: CMMC L2 v2.13 AU.L2-3.3.7 / NIST SP 800-171 R2 3.3.7 (official control text).

Why this matters

Accurate, synchronized timestamps are the foundation of audit trail integrity. When investigating a security incident—a data breach, unauthorized access, or system compromise—analysts must reconstruct the sequence of events across multiple systems. If server clocks drift by minutes or hours, correlating logs becomes impossible, attackers can exploit timing gaps, and forensic evidence loses credibility. This control requires all systems to synchronize with an authoritative time source (like NIST or pool.ntp.org) so that every audit record reflects the true moment an event occurred. Without synchronized time, your security monitoring is fundamentally unreliable.

What evidence assessors expect

Assessors typically look for: screenshot, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls