Applications upon successful logon, must display to the user the date and time of the last logon (access).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35266 | SRG-APP-000075-MAPP-NA | SV-46553r1_rule | Medium |
| Description |
|---|
| Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service oriented architectures). Rationale for non-applicability: This control is required in the MOS SRG. Mobile applications do not have additional authentication requirements. If the mobile application connects to a remote enterprise application, the remote application can provide any required notifications. |
| STIG | Date |
|---|---|
| Mobile Application Security Requirements Guide | 2013-01-04 |
Details
| Check Text ( C-43635r1_chk ) |
|---|
| This requirement is NA for the MAPP SRG. |
| Fix Text (F-39812r1_fix) |
|---|
| The requirement is NA. No fix is required. |