Time stamps generated by SQL Server must include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.
Check Text: SQL Server audits store the timestamp in UTC time.
Determine if the computer is joined to a domain.
SELECT DEFAULT_DOMAIN()[DomainName]
If this is not NULL, this is not a finding.
If the computer is not joined to a domain, determine what the time source is. (Run the following command in an elevated PowerShell session.)
w32tm /query /source
If the results of the command return "Local CMOS Clock" and is not documented with justification and AO authorization, this is a finding.
If the OS does not synchronize with a time server, review the procedure for maintaining accurate time on the system.
If such a procedure does not exist, this is a finding.
If the procedure exists, review evidence that the correct time is actually maintained.
If the evidence indicates otherwise, this is a finding.
Do a couple checks? Only return non compliant?