1. Home
  2. Industrial Control Systems
  3. AC-9

AC-9: PREVIOUS LOGON (ACCESS) NOTIFICATION

NOT SELECTED FOR INDUSTRIAL CONTROL SYSTEMS

The information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access).

SUPPLEMENTAL GUIDANCE

This control is applicable to logons to information systems via human user interfaces and logons to systems that occur in other types of architectures (e.g., service-oriented architectures).

CONTROL ENHANCEMENTS

AC-9 (1) PREVIOUS LOGON (ACCESS) NOTIFICATION | UNSUCCESSFUL LOGONS

The information system notifies the user, upon successful logon/access, of the number of unsuccessful logon/access attempts since the last successful logon/access.

Supplemental Guidance: NONE

AC-9 (2) PREVIOUS LOGON (ACCESS) NOTIFICATION | SUCCESSFUL / UNSUCCESSFUL LOGONS

The information system notifies the user of the number of [Selection: successful logons/accesses; unsuccessful logon/access attempts; both] during [Assignment: organization-defined time period].

Supplemental Guidance: NONE

AC-9 (3) PREVIOUS LOGON (ACCESS) NOTIFICATION | NOTIFICATION OF ACCOUNT CHANGES

The information system notifies the user of changes to [Assignment: organization-defined security-related characteristics/parameters of the user�s account] during [Assignment: organization-defined time period].

Supplemental Guidance: NONE

AC-9 (4) PREVIOUS LOGON (ACCESS) NOTIFICATION | ADDITIONAL LOGON INFORMATION

The information system notifies the user, upon successful logon (access), of the following additional information: [Assignment: organization-defined information to be included in addition to the date and time of the last logon (access)].

Supplemental Guidance:

This control enhancement permits organizations to specify additional information to be provided to users upon logon including, for example, the location of last logon. User location is defined as that information which can be determined by information systems, for example, IP addresses from which network logons occurred, device identifiers, or notifications of local logons.

REFERENCES:

  • NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY