UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The OS, or application, or both must, upon successful login, display to the user the date and time of the users last login.


Overview

Finding ID Version Rule ID IA Controls Severity
V-52413 O112-N3-005802 SV-66629r1_rule Low
Description
Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional interactive logins to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service-oriented architectures). Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of their account. This STIG requirement mandates the implementation of a method to mitigate Oracle's inability to display the data specified in the SRG. This assumes that the operating system is capable of displaying the specified data.
STIG Date
Oracle Database 11.2g Security Technical Implementation Guide 2017-04-05

Details

Check Text ( C-54443r1_chk )
This requirement applies to interactive accounts only.

Log on to each operating system where interactive Oracle users will communicate with the DBMS. If each OS displays the date and time of the user's last login, this is not a finding.

Log on to each interactive application that accesses the DBMS. If each application displays the date and time of the user's last login, this is not a finding.
Fix Text (F-57231r1_fix)
Modify OS logon behavior and/or application behavior to display the required data.