In order to inform the user of the number of successful login attempts made with the user's account, the application must notify the user of the number of successful logins/accesses occurring during an organization defined time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36248	SRG-APP-077-NA	SV-47652r1_rule		Medium

Description
Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of successful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. Rationale for non-applicability: The MDM server will leverage Enterprise Authentication Mechanism accounts. Therefore, the Enterprise Authentication Mechanism is expected to implement this control in lieu of local monitoring.

Description

Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of successful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. Rationale for non-applicability: The MDM server will leverage Enterprise Authentication Mechanism accounts. Therefore, the Enterprise Authentication Mechanism is expected to implement this control in lieu of local monitoring.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44488r1_chk )
This requirement is NA for the MDM server SRG.

Fix Text (F-40778r1_fix)
The requirement is NA. No fix is required.