Anybody here know about PCI and Time servers? I'm fighting a battle with our security guy about it.

Background: we have two e-commerce datacenters (active/failover type) located on opposite sides of the country that host our web stack, and two corporate offices near each other that host the business stack (i.e. email, file server, AD, warehouse/shipping database system). We also have a host of stores and warehouses.

PCI requires that "Critical systems have the correct and consistent time." (10.4.1). However, the testing procedures in that section say "Only the designated central time server(s) receives time signals from external sources". He is hung up on that "central" part.

I want to put time servers in the two e-commerce datacenters as well as the two corporate offices and peer all of them together, and point our servers to all of them. He wants to only put them in the two corporate offices. His argument is that they are then central there. Mine is that they aren't central to the web stack, and that the web stack will not maintain correct and consistent time.

Thoughts?

-Matt

--
I follow the System Administrators' Code of Ethics: https://lopsa.org/CodeOfEthics
LOPSA Member
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/