Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must notify the user of the number of successful logins/accesses occurring during an organization defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35132 | SRG-APP-000077-AS-000042 | SV-46419r1_rule | Low |
| Description |
|---|
| Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of successful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover traditional logons to information systems where a user interface is involved. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43520r1_chk ) |
|---|
| Review AS product documentation and server configuration to determine if users are informed of the number of successful login attempts that have occurred during a defined period of time. If the users are not informed of this information this is a finding. |
| Fix Text (F-39684r1_fix) |
|---|
| Configure the AS to display the number of successful login attempts that have occurred within a defined period of time. |