NIST 800-53 REV 5 • ACCESS CONTROL

AC-9(4) Additional Logon Information

Notify the user, upon successful logon, of the following additional information: [Assignment: organization-defined additional information].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Organizations can specify additional information to be provided to users upon logon, including the location of the last logon. User location is defined as information that can be determined by systems, such as Internet Protocol (IP) addresses from which network logons occurred, notifications of local logons, or device identifiers.

Practitioner Notes

Beyond login success and failure, this enhancement gives users additional information such as which authentication method was used, the device, and the location. Richer context helps users spot anomalies faster.

Example 1: Azure AD's My Sign-ins page automatically shows IP address, location, device, browser, and authentication method for every sign-in. No additional configuration needed — just train users to check it regularly.

Example 2: For on-premises systems, configure a PowerShell scheduled task that emails each user a weekly summary of their logon activity from the Security event log — including computer name, logon type (interactive, network, RDP), and timestamps. Users can review and flag anything unexpected.
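
One way to build the weekly summary described in Example 2, as an added example that is not part of the original page: it reads successful-logon events (event ID 4624) from the local Security log and mails each user their own list. The SMTP relay, sender address and the `<username>@example.com` mailbox convention are assumptions, and the script must run under an account permitted to read the Security log.

```powershell
# Added example. Assumed values (not from the page): relay, sender, mail domain.
$SmtpServer = 'smtp.example.com'          # hypothetical SMTP relay
$From       = 'logon-report@example.com'  # hypothetical sender address
$MailDomain = 'example.com'               # assumes mailbox is <username>@<domain>
$Since      = (Get-Date).AddDays(-7)

# Logon types named in the note above; service, batch and other types are skipped.
$LogonTypes = @{ '2' = 'Interactive'; '3' = 'Network'; '10' = 'RDP' }
# Built-in principals that generate 4624 events but have no mailbox.
$SkipDomains = 'NT AUTHORITY', 'Window Manager', 'Font Driver Host'

# Event ID 4624: "An account was successfully logged on."
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624; StartTime = $Since
} -ErrorAction SilentlyContinue

$logons = foreach ($e in $events) {
    # Index the event's named EventData fields by their Name attribute.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $user = $data['TargetUserName']
    $type = $LogonTypes[[string]$data['LogonType']]
    if (-not $type -or -not $user -or $user -like '*$') { continue }  # '$' suffix = machine account
    if ($SkipDomains -contains $data['TargetDomainName']) { continue }

    [pscustomobject]@{
        User     = $user
        Time     = $e.TimeCreated
        Computer = $e.MachineName
        Type     = $type
        Source   = $data['IpAddress']   # often '-' or a loopback address for local logons
    }
}
if (-not $logons) { return }   # nothing to report this week

foreach ($g in ($logons | Group-Object User)) {
    $table = $g.Group | Sort-Object Time |
        Format-Table Time, Computer, Type, Source -AutoSize | Out-String
    # Send-MailMessage is marked obsolete by Microsoft but still ships with PowerShell.
    Send-MailMessage -SmtpServer $SmtpServer -UseSsl -From $From `
        -To "$($g.Name)@$MailDomain" `
        -Subject "Your logons since $($Since.ToString('yyyy-MM-dd'))" `
        -Body ("Review these logons and report any you do not recognise.`n" + $table)
}
```

The script reports only the computer it runs on; register it as a weekly scheduled task on each system whose logons users should review.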