National Vulnerability Database

NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION

Family: AC - ACCESS CONTROL
Class:
Priority: P0 - Unspecified priority.
Baseline Allocation: Low: N/A; Moderate: N/A; High: N/A

Control Description

The information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access).

Supplemental Guidance

This control is applicable to logons to information systems via human user interfaces and logons to systems that occur in other types of architectures (e.g., service-oriented architectures).

Related to: AC-7, PL-4

Control Enhancements

AC-9(1) PREVIOUS LOGON (ACCESS) NOTIFICATION | UNSUCCESSFUL LOGONS
The information system notifies the user, upon successful logon/access, of the number of unsuccessful logon/access attempts since the last successful logon/access.

AC-9(2) PREVIOUS LOGON (ACCESS) NOTIFICATION | SUCCESSFUL / UNSUCCESSFUL LOGONS
The information system notifies the user of the number of [Selection: successful logons/accesses; unsuccessful logon/access attempts; both] during [Assignment: organization-defined time period].

AC-9(3) PREVIOUS LOGON (ACCESS) NOTIFICATION | NOTIFICATION OF ACCOUNT CHANGES
The information system notifies the user of changes to [Assignment: organization-defined security-related characteristics/parameters of the user's account] during [Assignment: organization-defined time period].

AC-9(4) PREVIOUS LOGON (ACCESS) NOTIFICATION | ADDITIONAL LOGON INFORMATION
The information system notifies the user, upon successful logon (access), of the following additional information: [Assignment: organization-defined information to be included in addition to the date and time of the last logon (access)].
Supplemental Guidance: This control enhancement permits organizations to specify additional information to be provided to users upon logon including, for example, the location of last logon. User location is defined as that information which can be determined by information systems, for example, IP addresses from which network logons occurred, device identifiers, or notifications of local logons.

References

None.