NIST 800-53 r5 · Controls catalogue · Family SC
SC-45System Time Synchronization
Synchronize system clocks within and between systems and system components.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (4)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-295 | Improper Certificate Validation | 1,586 | Correct system time is required for proper enforcement of certificate notBefore/notAfter dates and time-based revocation checks. |
CWE-345 | Insufficient Verification of Data Authenticity | 643 | Time synchronization supports reliable freshness verification when checking data authenticity across systems or components. |
CWE-613 | Insufficient Session Expiration | 606 | Consistent clocks across systems allow session expiration and timeout enforcement to function as intended in distributed environments. |
CWE-294 | Authentication Bypass by Capture-replay | 264 | Accurate synchronized time enables tight timestamp windows that directly limit capture-replay windows in authentication protocols. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2026-40093 | 1.6 | 8.1 | 0.0007 | partial |