Title: The DBMS must, upon successful login, display to the user the date and time of the users last login.
Vulnerability ID: V-32259
IA Controls: None
Description: Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.
This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service oriented architectures).
Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of their account.
Check Text: This requirement applies to interactive accounts only.
Log into the database and verify a message is displayed with date and time of the last login. On some systems this information may be displayed at the OS login level. If the system displays this information at the OS level, this is not a finding.
If no message is displayed, or if the message does not contain date and time of last login, this is a finding.
Fix Text: For interactive accounts, configure the DBMS to display a message to the user, with the date and time of that user’s last login, upon successful login.[divider]