[ntp:questions] IA approved COTS NTP servers question
joegwinn at comcast.net
Fri Jun 4 13:56:27 UTC 2010
In article <9ead1ef5-7000-445b-b7d1-ac1083874c65 at q8g2000vbm.googlegroups.com>,
Fran <fran.horan at jhuapl.edu> wrote:
> Do you know of any DISA IA approved COTS NTP servers ? Didn¹t see any
> in the approved products lists at http://iase.disa.mil/common/index.html
> Or, have you configured/tested a COTS NTP server to pass STIG tests ?
> STIG: http://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
I don't recall that there are any STIGs for NTP timeservers, which are based on
small dedicated-mode computers running the NTP daemon under some kind of RTOS
Most timeservers support at least DAC (username and password), but I don't know
of any that have been evaluated to a protection profile.
Which specific 8500.2 IA Controls (other than those that call out STIGs and
SRGs) are you responding to? What is the threat?
More information about the questions