Time updates should be received from which sources, and what protections might be applied?

Time updates must come from trusted, designated external sources that you control, typically industry-accepted time servers you configure for your environment. This ensures the timestamps across systems are consistent and trustworthy, which is critical for accurate logs, auditing, and incident response. Protecting the time data in transit helps prevent tampering or interception, hence encryption with a symmetric key may be used. Restricting who receives the updates with ACLs limits exposure and reduces the risk that an unauthorized device could receive or trust a manipulated time source. Using anything other than designated, trusted sources (or sources that aren’t industry-accepted) opens the door to incorrect or spoofed time data, compromising log integrity and security monitoring.