UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION


Overview

Number Title Impact Priority Subject Area
AC-9 Previous Logon (Access) Notification P0 Access Control

Instructions
The information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access).
Guidance
This control is applicable to logons to information systems via human user interfaces and logons to systems that occur in other types of architectures (e.g., service-oriented architectures).

Enhancements
AC-9 (1) Unsuccessful Logons

The information system notifies the user, upon successful logon/access, of the number of unsuccessful logon/access attempts since the last successful logon/access.

AC-9 (2) Successful / Unsuccessful Logons

The information system notifies the user of the number of Selection: successful logons/accesses; unsuccessful logon/access attempts; both during Assignment: organization-defined time period.

AC-9 (3) Notification Of Account Changes

The information system notifies the user of changes to Assignment: organization-defined security-related characteristics/parameters of the user�s account during Assignment: organization-defined time period.

AC-9 (4) Additional Logon Information
This control enhancement permits organizations to specify additional information to be provided to users upon logon including, for example, the location of last logon. User location is defined as that information which can be determined by information systems, for example, IP addresses from which network logons occurred, device identifiers, or notifications of local logons.

The information system notifies the user, upon successful logon (access), of the following additional information: Assignment: organization-defined information to be included in addition to the date and time of the last logon (access).