Need trusted NTP Sources
mysidia at gmail.com
Thu Feb 6 19:25:47 UTC 2014
On Thu, Feb 6, 2014 at 8:28 AM, jamie rishaw <j at arpa.com> wrote:
> PCI DSS only requires that all clocks be synchronized; It doesn't
> /require/ "how".
If you read requirement 10.4 more carefully, you will find that it Does
require that time
be synchronized from an INDUSTRY ACCEPTED external time source.
The GPS reference clock, a radio timecode receiver, receiving NIST or USNO,
Microsoft's time source (time.windows.com),
Redhat's time source, various univerisities and other public time servers
listed on NTP.org,
the NIST time servers listed here:
Are among the INDUSTRY ACCEPTED external time sources.
This is not an exhaustive enumeration of industry-accepted external time
More information about the NANOG