Local Regulations and Global Guidelines

  • Home
  • >
  • Local Regulations and Global Guidelines
Regulations for NTP
Authority
Country
Description
Document
DEPARTMENT OF HEALTH
UAE
Regulation: Guidelines for the Implementation of the ADHICS
  • All systems clocks shall be synchronized using Network Time Protocol (NTP) to ensure the accuracy of audit logs.
  • Users shall be restricted from changing the systems time.
ADHICS
SECURITY INDUSTRY REGULATORY AGENCY
UAE
Regulation: Standard and Technical Specifications of the Security Systems (of Law No. 12 of 2016)
  • Security Systems shall support the Central Time feature (Network Time Protocol -NTP).
Standard and Technical Specifications
Telecommunications And Digital Government Regulatory Authority
UAE
Guidelines for trust service practice statements
  • 6.7 Network security controls. Shall follow guidance from [RFC 3647] and state the corresponding practices that are used, referring to the applicable Certificate Security Policy
  • 6.8. Timestamping. Shall follow guidance from [RFC 3647] and describe in particular how the CA sources accurate time for activities such as certificate issuance or logging, certificate issuance.
Guidelines for Trust service Practice State
Public Works Authority State of Qatar
Qatar
Intelligent Transportation System (ITS) Specifications
  • The Multiprotocol Access Node shall support configuration of at least two NTP servers for time synchronization.
ITS Specifications
Qatar Central Bank
Qatar
Information and Cyber Security Regulation for Payment Service Providers
  • 8.23. The Payment Service Provider shall synchronize all device to the NTP server which shall be Synchronized with the ISP or universal atomic clock time servers.
Information and Cyber Security Regulation for PSPs
Qatar Legal Portal
Qatar
Electronics Transactions and Commerce Law
  • Electronics Signature- Article 28: Having the correct time to signing is important as electronic signature & its time of singing is acceptable in the Supreme Council
Ecommerce Law
Electricity and Water Authority
Bahrain
Inspection & Testing Guidelines
  • When multiple data acquisition units are involved that each independently apply timestamps the clocks of the units shall be synchronized, preferably by an automated mechanism such as global positioning system (GPS) or network time protocol (NTP).
Inspection & Testing Guidelines
Economic Development Board Bahrain
Bahrain
Electronic Communications and Transactions Law
  • Legislative Decree No. 54 of 2018 Promulgating the Electronic Communications and Transactions Law
  • Evidential Presumptions- Where a secure electronic time stamp is placed on an electronic record
Reference: Electronic-Communications-and Transactions-LAW
Ministry of Interior Bahrain
Bahrain
National Cyber Security Center
  • Events must be recorded with time stamps indicating the exact time events have occurred.
  • Without accurately synchronized timestamps, the entity cannot find out which event occurred before the other.
Baseline Cybersecurity Controls
Telecommunications Regulatory Authority-Bahrain


Bahrain
Guidelines Telecommunications Sector Cybersecurity Controls
  • Control 5.1.8 Centralized timing must be used for all systems (for example, NTP)
  • Generated from an authoritative and secure internal source (for example, atomic clock)
  • Where supported, at least two different time sources are used to ensure that the timestamps in logs are consistent.
Telecommunications Sector Cybersecurity
National Cybersecurity Authority (NCA)
KSA
Centralized clock synchronization with an accurate and trusted source (e.g., Saudi Standards, Metrology and Quality Organization (SASO)).
ECC
Saudi Standards
KSA
Saudi Standards called on national companies to set the timing of their order management system to match the timing of the one approved by SASO via this link: http://time.saso.gov.sa. SASO indicates that setting the timing according to the National Timing Reference helps companies and investors to ensure the accuracy of their timing within Trading, especially at the times of the market's opening and closing.
Reference:
SASO
Saudi Arabian Monetary Authority
KSA
All network devices should synchronize their clock timings from a centralized NTP server
Information Technology Governance Framework
STC
KSA
It is related to regulatory practices, as it is part of a Reference Offer (RO) approved by the Communications and Information Technology Commission (CITC), focusing on compliance and standardization within the telecommunications sector.
5 Network Synchronization
Central Bank of Kuwait
Kuwait
  • EPIPs and their EPA shall allow access to all their notes, records, documents and minutes of meetings, and not to take any action that may have a negative impact on The Central Bank of Kuwait ’s supervision.
  • Kuwait's regulatory bodies emphasize accurate record-keeping and compliance with international standards
Central Bank of Kuwait
NIST 800-53 (USA)
Global
NIST 800-53 (USA) – Security & Privacy Controls
  • Control AU-12 (Audit Record Generation): Requires accurate time stamping of logs using a reliable NTP source.
  • Control SC-45 (Clock Synchronization): Systems must use an authoritative time source like NIST NTP servers.
Security and Privacy Controls for Information Systems and Organizations
GDPR
Global
GDPR (EU) – General Data Protection Regulation
  • Article 30 (Records of processing activities): Accurate timestamps are crucial in processing activities, including details such as purposes of processing, categories of data subjects, and categories of personal data records to provide a clear timeline of data processing activities, aiding in accountability and transparency.
GDPR (EU) – General Data Protection Regulation
European Union Agency for Cybersecurity (ENISA)
Global
Offers guidelines and recommendations for network and information security, highlighting the significance of synchronized time across systems to detect and analyze security incidents effectively.
https://www.enisa.europa.eu/publications
ENISA Publications
Sarbanes Oxley
Global
SEC Rule 17a-4 (For Broker-Dealers and Financial Firms)
Requires electronic records to be time-stamped and stored in a non-rewritable, non-erasable format (WORM storage).
Sarbanes Oxley
Order Audit Trail System (OATS)
Global
Firms were required to time-stamp orders to the millisecond if they used electronic systems.
OATS Reporting Technical Specifications
HIPAA
Global
Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
NIST Special Publication
FDA 21 CFR Part 11
Global
Establishes regulations for electronic records and electronic signatures to ensure data integrity, security, and reliability in pharmaceutical, biotechnology, and medical device industries.
Guidance for Industry Part 11, Electronic Records
MiFID II- European standard
Global
Clock /synchronization has a direct impact in many areas within trading in financial markets. For instance, it is critical for accurate and reliable time-stamping (recording of date and time).
Commission Delegated Regulation (EU)
North American Electric Reliability Council (NERC)
Global
  • Balancing Authorities must utilize time-synchronized equipment to calculate Area Control Error (ACE) accurately.
  • Transmission Owners and Generator Owners must time-synchronize their recording devices.
  • Balancing Authorities must use a common time-synchronized source for data used in Reporting ACE calculations.
Automatic Generation Control
ISO 27001:2022
Global
Regulation: ISO 27001 standard-section 8.17
  • Clock synchronization is a critical component in ensuring the accuracy and integrity of system data. Proper synchronization across all devices and systems is essential for maintaining the security and reliability of information.
Reference:
PCI-DSS v4

Global
Regulation: PCI DSS v4-Section 10.6
  • 10.6.1 System clocks and time are synchronized using time-synchronization technology.
  • 10.6.2 Systems are configured to the correct and consistent time
  • Time synchronization settings and data are protected
PCI DSS
Indian Computer Emergency Response Team (CERT-In)
India
Directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.
Ministry of Electronics and Information Technology
Dubai Electronic Security Center
UAE
DESC shall provide time with plus or minus 1 second of UTC by calibration with an NTP server.
Dubai PKI Timestamping Policy Practice Statement
NIST SP 800-171 rev 2 3.3.7

Global
3.3.7 Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
Withdrawn NIST Technical Series Publication
Ministry of Consumer Affairs
India
All government offices and public institutions shall display Indian Standard Time (IST) on all time-keeping devices, ensuring synchronization through reliable sources like Network Time Protocol (NTP) or Precision Time Protocol (PTP).
The Pioneer