Local Audit / NTP service

If you have selected Local Audit as the method by which the TSS secure clock is to be audited, this requires a running Network Time Protocol (NTP) service which has been configured to use an NTP server on the local network. Configuration of an NTP service requires a Windows Administrator to log in to the System Console.

The NTP service must be set up for Automatic start-up. You do this using the Windows Services applet.
We advise checking that the default configuration file is compliant with your internal security policy.

The Local Audit setting provides time that is traceable only to the TSS host PC clock. If you use the Local Audit setting, we recommend also using a good security policy with regard to the physical security of the TSS and the network connection to the NTP server.

To enable the NTP Service on the TSS so that you can use Local Audit:

  1. In the TSS Web interface, configure one or more TSAs to use Local Audit. (See Configuring a TSA for instructions.)

    If you have any TSA configured to use an Upper Clock, it must not use port 9124 for DS/NTP: this would cause a conflict with the NTP services.
  2. Restart the DSE200 Service.

  3. Once the NTP service synchronizes the local PC clock to the configured NTP server, the DSE200 service will audit the SEE application using the local PC time. You can look at the board.log or the TAC Info page (see Viewing Time Attribute Certificate (TAC) information) to see when this happens. Use ntpq to look at the status of the NTP service synchronization.