UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must display the number of failed login attempts made with a user account upon successful login of that user account.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32260 SRG-APP-000076-DB-000030 SV-42577r1_rule Low
Description
Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of unsuccessful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service oriented architectures). Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of their account.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40769r4_chk )
This requirement applies to interactive accounts only.

Test access reports upon login to DBMS user accounts. On some systems this information may be displayed at the OS login level. If the system displays this information at the OS level, this is not a finding.

If the last successful and number of unsuccessful attempts since the last successful attempt are not reported, this is a finding.
Fix Text (F-36184r1_fix)
Implement an automated method to display, at interactive logon, the time and date of the last successful login and the number of failed login attempts since the last successful login for users that access the database interactively.