
Episode 9: Previous Logon Notification (AC-9)

1.0K views· 60 likes· 8:17· Oct 1, 2022


In this episode of the NIST SP 800-53 Rev 5 Security Control explanatory series, we reviewed the AC-9 Previous Logon Notification and then tried to simplify what the control requirements are all about, and how best to assess/test this control during the SCA and self control assessment process.

Computer Security Resource Center: https://csrc.nist.gov/publications

About This Video

In this Episode 9 of my NIST SP 800-53 Rev 5 Access Control explanatory series, I break down AC-9 (Previous Logon Notification) and simplify what the control is really asking for. The idea is straightforward: after a successful login, the system should notify the user of the date and time of their last successful logon. I also explain why that matters, because it helps users spot discrepancies that could indicate compromised or stolen credentials. I use a real-world example you’ve probably seen before (like banking logon screens) where it shows your “last sign-in” so you can tell if someone has been in your account.

I also walk through the control enhancements (unsuccessful logons, successful/unsuccessful logons, notification of account changes, and additional logon information), and then I get practical about how I assess/test AC-9 during an SCA or self-assessment. I cover what evidence I look for: access control policies/procedures, the SSP implementation statement, and either configuration screenshots or a live login observation to confirm the last logon date/time is displayed.

Finally, I call out an important reality: AC-9 isn’t selected in the low/moderate/high baselines in Rev 4 or Rev 5, so you may not see it often, but you still need to understand it for systems that implement it as extra security.
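As an added illustration (not code from the video or from NIST), the sketch below shows one way an application could produce the AC-9 notice together with the unsuccessful-logons enhancement. The `LogonTracker` class, its in-memory store, the user name and the timestamps are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class LogonState:
    last_success: Optional[datetime] = None  # most recent successful logon
    failures_since: int = 0                  # failed attempts since that logon


class LogonTracker:
    """In-memory stand-in for the account store (assumption for this example)."""

    def __init__(self) -> None:
        self._state = {}

    def record_failure(self, user: str) -> None:
        self._state.setdefault(user, LogonState()).failures_since += 1

    def record_success(self, user: str, now: datetime) -> str:
        """Return the notice for this session, then update the stored state."""
        st = self._state.setdefault(user, LogonState())
        # Read the previous values BEFORE overwriting them; otherwise the
        # banner shows the current logon and the user cannot spot a discrepancy.
        prev, failed = st.last_success, st.failures_since
        st.last_success, st.failures_since = now, 0
        if prev is None:
            notice = "No previous successful logon on record."
        else:
            notice = f"Last successful logon: {prev.isoformat()}."
        if failed:
            notice += f" Unsuccessful logon attempts since last successful logon: {failed}."
        return notice


def demo() -> list:
    """Constructed sequence: first logon, two failures, then two more logons."""
    t = LogonTracker()
    first = t.record_success("alice", datetime(2022, 10, 1, 9, 0, tzinfo=timezone.utc))
    t.record_failure("alice")
    t.record_failure("alice")
    second = t.record_success("alice", datetime(2022, 10, 2, 8, 30, tzinfo=timezone.utc))
    third = t.record_success("alice", datetime(2022, 10, 2, 17, 0, tzinfo=timezone.utc))
    return [first, second, third]


if __name__ == "__main__":
    print("\n".join(demo()))
```

During a live login observation, the same sequence (a known logon, deliberate failed attempts, then a second logon) gives an assessor a timestamp and count to compare against what the system displays.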
