I have a question. For an organization that having servers on premise and on cloud, to comply with 12.4.4 Clock synchronization: All systems should be configured with the same time and date. Which servers in the cloud that should have the same time as the servers on premise:
none of the cloud should sync?
I’m assuming that by DaaS you mean Device as a Service.
Normally, control A.12.4.4 applies only to on-premise servers because these are the servers you fully control. If your risk assessment or requirements ask that both on-premise and cloud servers need to be synchronized, then regardless of the environment or cloud model, to be compliant with control 12.4.4 all servers in the same security domain (i.e., under the influence of the same controls) need to be synchronized to a single reference time source.