[ntp:questions] IA approved COTS NTP servers question

Fran fran.horan at jhuapl.edu
Mon Jun 7 12:43:41 UTC 2010


On Jun 4, 3:13 pm, Greg Hennessy <greg.henne... at cox.net> wrote:
> On 2010-06-04, Fran <fran.ho... at jhuapl.edu> wrote:
>
> > On Jun 3, 4:49 pm, Greg Hennessy <greg.henne... at cox.net> wrote:
> >> > Do you know of any DISA IA approved COTS NTP servers ?
>
> >> Why not use tick.usno.navy.mil or tock.usno.navy.mil? Only half a
> >> smiley.
>
> > That's a funny one Greg, thanks!
>
> On the serious side, if you are worried about having to follow DISA
> STIGS, then it seems safe to assume you are on NIPR or SIPR nets, in
> which case it is probably easier to use the USNO supplied time service
> rather than recreating your own. If for redundancy you wish to run
> your own NTP servers (which you should point to USNO since USNO is
> what all DoD sources are *SUPPOSED* to be using), I'm not aware of any
> COTS NTP servers that are DISA IA approved out of the box.

Greg, thanks again for your help.

We are running on a private net inside a lab, no connections outside
of the lab. We'll run the NTP server either with a LOCAL reference
clock driver, IRIG-B, or with GPS.

A short email with Symmetricom said in essence: although there is no
'IA-mode' to put the NTP servers in, the NTP server is already running
a limited amount of services, there are controls to further disable
service and ports. Therefore it seems likely to me the NTP server
could be configured as required.

The devil is in the details however. So I would need to get funded for
time to get smart on the applicable IA requirements, get a suitable
COTS NTP server, configure and test it. It's likely we can get what we
want, but it's not going to be a simple button push like the managers
would like to hear it is.

Thanks,

Fran



