NIST 800-53 REV 5 • ACCESS CONTROL

AC-9(1) Unsuccessful Logons

Notify the user, upon successful logon, of the number of unsuccessful logon attempts since the last successful logon.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Information about the number of unsuccessful logon attempts since the last successful logon allows the user to recognize if the number of unsuccessful logon attempts is consistent with the user’s actual logon attempts.

Practitioner Notes

This enhancement specifically shows users how many unsuccessful login attempts occurred since their last successful login. If the number is surprisingly high, someone may have been trying to break into their account.

Example 1: The same Windows GPO from AC-9 covers this — it displays the count of failed logon attempts. Educate users to report any unexpected numbers to your help desk. Include this in your security awareness training.

Example 2: In Azure AD, train users to check My Sign-ins at mysignins.microsoft.com. This page shows all recent sign-in attempts, including failures, locations, and device information. Users can flag any suspicious entries directly to the security team.
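For a custom application that has no built-in equivalent, the counting logic the control statement describes can be sketched as follows. This is an added example, not code from NIST or from any product named above; the `LogonTracker` class, the `notices_for` helper, and the event tuples are hypothetical, and the sample events are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample events (timestamp, user, outcome); not from any real system.
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00Z", "alice", "success"),
    ("2024-05-01T22:14:03Z", "alice", "failure"),
    ("2024-05-01T22:14:09Z", "alice", "failure"),
    ("2024-05-01T22:14:15Z", "alice", "failure"),
    ("2024-05-02T07:30:00Z", "bob", "failure"),
    ("2024-05-02T08:01:00Z", "alice", "success"),
    ("2024-05-02T08:02:00Z", "bob", "success"),
    ("2024-05-02T12:00:00Z", "alice", "success"),
]


@dataclass
class LogonTracker:
    # Per-user failure timestamps since that user's last successful logon.
    failures: dict = field(default_factory=dict)
    last_success: dict = field(default_factory=dict)

    def record(self, timestamp, user, outcome):
        """Record one event; return a notice on success, else None."""
        if outcome == "failure":
            self.failures.setdefault(user, []).append(timestamp)
            return None
        if outcome != "success":
            raise ValueError(f"unknown outcome: {outcome!r}")
        failed = self.failures.pop(user, [])   # reset the counter on success
        previous = self.last_success.get(user)
        self.last_success[user] = timestamp
        return {
            "user": user,
            "failed_count": len(failed),
            "since": previous,                 # None on first recorded logon
            "most_recent_failure": failed[-1] if failed else None,
        }


def notices_for(events):
    """Replay events in order and collect the notice for each success."""
    tracker = LogonTracker()
    notices = [tracker.record(*event) for event in events]
    return [n for n in notices if n is not None]


if __name__ == "__main__":
    for n in notices_for(SAMPLE_EVENTS):
        print(n["user"], n["failed_count"], "unsuccessful since", n["since"])
```

The counter is keyed per user and cleared only by that user's own successful logon, so the second notice for `alice` reports three failures while her third reports zero.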