NIST 800-53 REV 5 • ACCESS CONTROL

AC-9Previous Logon Notification

Notify the user, upon successful logon to the system, of the date and time of the last logon.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Previous logon notification is applicable to system access via human user interfaces and access to systems that occurs in other types of architectures. Information about the last successful logon allows the user to recognize if the date and time provided is not consistent with the user’s last access.

Practitioner Notes

After you successfully log in, the system should show you information about your last login — when it happened and from where. This helps you spot unauthorized use of your account.

Example 1: In Windows, enable the GPO at Computer Configuration → Policies → Administrative Templates → Windows Components → Windows Logon Options → "Display information about previous logons during user logon". After logging in, users see the date, time, and count of recent logons and failed attempts.

Example 2: In Linux, verify that pam_lastlog is enabled in /etc/pam.d/login with the line session optional pam_lastlog.so showfailed. Users will see their last successful login date and any failed attempts when they connect via SSH or console.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management