03.03.07 — (a) Use internal system clocks to generate time stamps for audit records. (b) Record time stamps for audit records that meet {{ insert: param, A.03.03.07.ODP.01 }} and that use Coordinated Universal Time (UTC), have a fixed local time offset from UTC, or include the local time offset as part of the time stamp.

What this control requires

(a) Use internal system clocks to generate time stamps for audit records. (b) Record time stamps for audit records that meet {{ insert: param, A.03.03.07.ODP.01 }} and that use Coordinated Universal Time (UTC), have a fixed local time offset from UTC, or include the local time offset as part of the time stamp.

Source: NIST SP 800-171 R3 §03.03.07 (official control text).

Why this matters

Accurate, synchronized timestamps are the backbone of forensic analysis and incident reconstruction. When an unauthorized access attempt occurs at 2:47 AM, investigators need confidence that all systems agree on what '2:47 AM' means. Without standardized time stamps using UTC or consistent offsets, correlating events across servers, workstations, and cloud services becomes impossible. This control ensures that when you need to prove what happened when—whether for breach investigation, compliance audit, or legal discovery—your audit logs tell a coherent, defensible story. Attackers often manipulate system clocks to cover their tracks; enforced time synchronization prevents this evasion technique.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls