Title

The UEM server must notify the user, upon successful logon (access) to the application, of the date and time of the last logon (access). (Cat II impact)

Discussion

Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service-oriented architectures).

Check Content

Verify the UEM server notifies the user, upon successful logon (access) to the application, of the date and time of the last logon (access). If the UEM server does not notify the user, upon successful logon (access) to the application, of the date and time of the last logon (access), this is a finding.

Fix Text

Configure the UEM server to notify the user, upon successful logon (access) to the application, of the date and time of the last logon (access).

Additional Identifiers

Rule ID: SRG-APP-000075-UEM-000041_rule

Vulnerability ID: SRG-APP-000075-UEM-000041

Group Title: SRG-APP-000075-UEM-000041

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.