UCF STIG Viewer Logo

The DBMS must, upon successful login, display to the user the date and time of the users last login.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32259 SRG-APP-000075-DB-000029 SV-42576r1_rule Low
Description
Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service oriented architectures). Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of their account.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40768r3_chk )
This requirement applies to interactive accounts only.

Log into the database and verify a message is displayed with date and time of the last login. On some systems this information may be displayed at the OS login level. If the system displays this information at the OS level, this is not a finding.

If no message is displayed, or if the message does not contain date and time of last login, this is a finding.
Fix Text (F-36183r1_fix)
For interactive accounts, configure the DBMS to display a message to the user, with the date and time of that user’s last login, upon successful login.