AC-9 PREVIOUS LOGON NOTIFICATION - NIST SP 800-53 Rev. 5
Control: Notify the user, upon successful logon to the system, of the date and time of the last logon.
Discussion: Previous logon notification is applicable to system access via human user interfaces and access to systems that occurs in other types of architectures. Information about the last successful logon allows the user to recognize if the date and time provided is not consistent with the user’s last access.
Related Controls: AC-7, PL-4.
Control Enhancements:
(1) PREVIOUS LOGON NOTIFICATION | UNSUCCESSFUL LOGONS
Notify the user, upon successful logon, of the number of unsuccessful logon attempts since the last successful logon.
Discussion: Information about the number of unsuccessful logon attempts since the last successful logon allows the user to recognize if the number of unsuccessful logon attempts is consistent with the user’s actual logon attempts.
Related Controls: None.
(2) PREVIOUS LOGON NOTIFICATION | SUCCESSFUL AND UNSUCCESSFUL LOGONS
Notify the user, upon successful logon, of the number of [ Selection: successful logons; unsuccessful logon attempts; both ] during [ Assignment: organization-defined time period ].
Discussion: Information about the number of successful and unsuccessful logon attempts within a specified time period allows the user to recognize if the number and type of logon attempts are consistent with the user’s actual logon attempts.
Related Controls: None.
(3) PREVIOUS LOGON NOTIFICATION | NOTIFICATION OF ACCOUNT CHANGES
Notify the user, upon successful logon, of changes to [ Assignment: organization-defined security-related characteristics or parameters of the user’s account ] during [ Assignment: organization-defined time period ].
Discussion: Information about changes to security-related account characteristics within a specified time period allows users to recognize if changes were made without their knowledge.
Related Controls: None.
(4) PREVIOUS LOGON NOTIFICATION | ADDITIONAL LOGON INFORMATION
Notify the user, upon successful logon, of the following additional information: [ Assignment: organization-defined additional information ].
Discussion: Organizations can specify additional information to be provided to users upon logon, including the location of the last logon. User location is defined as information that can be determined by systems, such as Internet Protocol (IP) addresses from which network logons occurred, notifications of local logons, or device identifiers.
Related Controls: None.
References: None.
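Added example (not part of the NIST text): one way to compute the notice for the base control and enhancements (1), (2) and (4) from a per-user logon history. The record shape, function names, the 7-day period and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class LogonEvent:  # hypothetical record shape for this example
    when: datetime
    success: bool
    source_ip: str

def build_notice(history, now, window=timedelta(days=7)):
    """Compute the notice from events recorded BEFORE the current logon.

    Call this before appending the current successful logon to the history,
    otherwise the user is shown their own session as the "last logon".
    """
    history = sorted(history, key=lambda e: e.when)
    last_ok = next((e for e in reversed(history) if e.success), None)
    # AC-9(1): failures after the last success (every failure if there is none).
    failed_since = sum(1 for e in history
                       if not e.success and (last_ok is None or e.when > last_ok.when))
    # AC-9(2): counts inside the organization-defined time period.
    recent = [e for e in history if e.when >= now - window]
    return {
        "last_logon": last_ok.when if last_ok else None,           # AC-9
        "last_logon_ip": last_ok.source_ip if last_ok else None,   # AC-9(4)
        "failed_since_last": failed_since,
        "window_success": sum(1 for e in recent if e.success),
        "window_failed": sum(1 for e in recent if not e.success),
    }

def render(n):
    last = (f"{n['last_logon']:%Y-%m-%d %H:%M} UTC from {n['last_logon_ip']}"
            if n["last_logon"] else "none on record")
    return (f"Last successful logon: {last}\n"
            f"Unsuccessful attempts since then: {n['failed_since_last']}\n"
            f"In the reporting period: {n['window_success']} successful, "
            f"{n['window_failed']} unsuccessful")

def ts(month, day, hour, minute=0):  # constructed timestamps, 2024, UTC
    return datetime(2024, month, day, hour, minute, tzinfo=timezone.utc)

# Constructed sample history; addresses are documentation ranges (RFC 5737).
SAMPLE = [
    LogonEvent(ts(2, 20, 8), True, "192.0.2.10"),
    LogonEvent(ts(3, 4, 9, 15), True, "192.0.2.10"),
    LogonEvent(ts(3, 5, 2, 11), False, "198.51.100.7"),
    LogonEvent(ts(3, 5, 2, 12), False, "198.51.100.7"),
    LogonEvent(ts(3, 5, 2, 13), False, "198.51.100.7"),
]

if __name__ == "__main__":
    print(render(build_notice(SAMPLE, now=ts(3, 5, 9))))
```

In the sample, the three overnight failures from an unfamiliar address appear in the notice at the next morning's logon, which is the discrepancy the control expects the user to recognize.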