NIST 800-53 r5 · Controls catalogue · Family AC
AC-9 Previous Logon Notification
Notify the user, upon successful logon to the system, of the date and time of the last logon.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (6) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-287 | Improper Authentication | 4,730 | Detects unauthorized successful logons resulting from improper authentication implementations. |
| CWE-798 | Use of Hard-coded Credentials | 1,955 | Enables users to notice when hard-coded credentials have been exploited for unauthorized access. |
| CWE-290 | Authentication Bypass by Spoofing | 631 | Reveals spoofed logon attempts through unexpected previous logon timestamps upon legitimate login. |
| CWE-288 | Authentication Bypass Using an Alternate Path or Channel | 523 | Users can identify logons via alternate paths or channels by reviewing the previous logon time. |
| CWE-294 | Authentication Bypass by Capture-replay | 264 | Allows detection of capture-replay attacks by showing the replayed logon's timestamp as the last logon. |
| CWE-1390 | Weak Authentication | 75 | Helps detect exploitation of weak authentication mechanisms by notifying of previous unauthorized logons. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2024-42176 | 0.5 | 2.6 | 0.0016 | partial |