6 Feb
2014
6 Feb
'14
2:25 p.m.
On Thu, Feb 6, 2014 at 8:28 AM, jamie rishaw <j@arpa.com> wrote:
PCI DSS only requires that all clocks be synchronized; It doesn't /require/ "how".
If you read requirement 10.4 more carefully, you will find that it Does require that time be synchronized from an INDUSTRY ACCEPTED external time source. The GPS reference clock, a radio timecode receiver, receiving NIST or USNO, Microsoft's time source (time.windows.com), Redhat's time source, various univerisities and other public time servers listed on NTP.org, the NIST time servers listed here: http://tf.nist.gov/tf-cgi/servers.cgi Are among the INDUSTRY ACCEPTED external time sources. This is not an exhaustive enumeration of industry-accepted external time sources. -- -JH