[ntp:questions] IA approved COTS NTP servers question

Joseph Gwinn joegwinn at comcast.net
Fri Jun 4 13:56:27 UTC 2010


In article <9ead1ef5-7000-445b-b7d1-ac1083874c65 at q8g2000vbm.googlegroups.com>,
 Fran <fran.horan at jhuapl.edu> wrote:

> Do you know of any DISA IA approved COTS NTP servers? Didn't see any
> in the approved products lists at http://iase.disa.mil/common/index.html
> 
> Or, have you configured/tested a COTS NTP server to pass STIG tests?
> 
> Thanks,
> 
> Fran
> 
> STIG: http://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide

I don't recall that there are any STIGs for NTP timeservers, which are based on 
small dedicated-mode computers running the NTP daemon under some kind of RTOS 
kernel.  

Most timeservers support at least DAC (username and password), but I don't know 
of any that have been evaluated to a protection profile.

Which specific 8500.2 IA Controls (other than those that call out STIGs and 
SRGs) are you responding to?  What is the threat?  

Joe Gwinn



