This setting determines the maximum time difference (in minutes) that Kerberos will tolerate between the time on a client's clock and the time on a server's clock while still considering the two clocks synchronous. To prevent replay attacks, Kerberos uses timestamps as part of its protocol definition. For timestamps to work properly, the clocks of the client and the server need to be in sync as much as possible.
Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058
To fix this, configure the policy value for
Computer Configuration
 |_ Windows Settings
  |_ Security Settings
   |_ Account Policies
    |_ Kerberos Policy
     |_ Maximum tolerance for computer clock synchronization
to a maximum of "5" minutes or less.
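One way to audit this value from a `secedit` security-policy export, as an added example that is not part of the original check. The function name `Test-KerberosClockSkew` and the sample export are constructed for illustration, and the sketch assumes the `[Kerberos Policy]` section appears only in exports taken on a domain controller.

```powershell
# Added example: check MaxClockSkew in the lines of a secedit /export INF file.
function Test-KerberosClockSkew {
    param(
        [Parameter(Mandatory)][string[]]$InfLines,  # lines of the exported INF
        [int]$MaxAllowedMinutes = 5                 # limit stated in the check above
    )
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        # Track which INF section we are in.
        if ($t -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Kerberos Policy')
            continue
        }
        if ($inSection -and $t -match '^MaxClockSkew\s*=\s*(\d+)$') {
            $value = [int]$Matches[1]
            return [pscustomobject]@{
                MaxClockSkew = $value
                Compliant    = ($value -le $MaxAllowedMinutes)
                Note         = ''
            }
        }
    }
    # Assumption: Kerberos Policy is domain-level, so the section is absent
    # from exports taken on member servers and workstations.
    [pscustomobject]@{
        MaxClockSkew = $null
        Compliant    = $false
        Note         = 'No MaxClockSkew under [Kerberos Policy]; export on a domain controller or review the domain GPO.'
    }
}

# Constructed sample export (not from a real system): tolerance loosened to 10 minutes.
$sample = @'
[Unicode]
Unicode=yes
[Kerberos Policy]
MaxTicketAge = 10
MaxClockSkew = 10
TicketValidateClient = 1
'@ -split "`r?`n"

Test-KerberosClockSkew -InfLines $sample

# Live check on a domain controller (elevated prompt):
# $cfg = Join-Path $env:TEMP 'secpol.inf'
# secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet
# Test-KerberosClockSkew -InfLines (Get-Content $cfg)
```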
STIG: Server
2025: https://system32.eventsentry.com/stig/viewer/V-278137
2022: https://system32.eventsentry.com/stig/viewer/V-254390
2019: https://system32.eventsentry.com/stig/viewer/V-205706
2016: https://system32.eventsentry.com/stig/viewer/V-224969
NIST 800-53 : AC-12, IA-2, CM-6
NIST 800-171: 3.1.2, 3.4.6
CMMC v2.0 L2: AC.L2-3.1.2, CM.L2-3.4.6
PCI-DSS v4.0: 2.2.1, 8.2.1
HIPAA SR : §164.312(a)(1)
HIPAA HICP : Practice 3 (Identity and Access Management)