Need trusted NTP Sources

Jimmy Hess mysidia at
Thu Feb 6 19:25:47 UTC 2014

On Thu, Feb 6, 2014 at 8:28 AM, jamie rishaw <j at> wrote:

> PCI DSS only requires that all clocks be synchronized; It doesn't
> /require/ "how".

If you read requirement 10.4  more carefully,  you will find that it Does
require that time
be synchronized from an INDUSTRY ACCEPTED  external  time source.

The GPS reference clock, a radio timecode receiver, receiving NIST or USNO,

Microsoft's time source  (,
Redhat's time source,  various univerisities and other public time servers
listed on,

the NIST time servers   listed here:

Are among the INDUSTRY ACCEPTED external time sources.

This is not an exhaustive enumeration of industry-accepted external time


More information about the NANOG mailing list