PCI Requirement 10.5.4 – Write Logs for External-Facing Technologies onto a Secure, Centralized, Internal Log or Media Device
What is PCI Requirement 10.5.4?
Another element to PCI Requirement 10 is PCI Requirement 10.5.4, which requires organizations to write logs for external-facing technologies onto a secure, centralized, internal log server or media device. The PCI DSS explains the purpose of PCI Requirement 10.5.4 when it states, “By writing logs from external-facing technologies such as wireless, firewalls, DNS, and mail servers, the risk of those logs being lost or altered is lowered, as they are more secure within the internal network.”
During an assessment, an assessor will examine logs from external-facing technologies and ensure they are written onto a secure, centralized, internal log server or media.
Back in PCI Requirement 1, we talked about establishing a DMZ. You’re going to have firewalls, web servers, email servers, SFTP servers, or you might have a plethora of devices out there. What we require from the PCI perspective is that the logs being generated off of those devices are pulled back into your internal environment. Your assessor is going to be pulling the configurations from those devices and looking at where you’re writing those logs to, making sure that those particular logs are pulled out of the DMZ and stored within the secure safe net or secured portion of your network.
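The configuration review described above can be scripted before the assessor arrives. The following is an added example, not part of the original page: it assumes the DMZ hosts use rsyslog, that the internal network is 10.20.0.0/16, and that forwarding rules sit on a single line; all host names, addresses and configs are constructed.

```python
import ipaddress
import re

# Assumption: the secured internal segment that hosts the central log server.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

LEGACY = re.compile(r"^\s*\S+\s+@@?([0-9A-Za-z.\-]+)(?::\d+)?\s*$")  # *.* @@host:port
OMFWD = re.compile(r'action\([^)]*type="omfwd"[^)]*\)', re.I)        # RainerScript
TARGET = re.compile(r'target="([^"]+)"', re.I)

def forward_targets(config_text):
    """Return every remote syslog destination named in an rsyslog config."""
    targets = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0]            # ignore comments
        targets += LEGACY.findall(line)
        for action in OMFWD.findall(line):
            targets += TARGET.findall(action)
    return targets

def classify(target):
    """internal, external, or unresolved (a hostname; this script runs offline)."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return "unresolved"
    return "internal" if any(addr in n for n in INTERNAL_NETS) else "external"

def verdict(config_text):
    """Summarise where one device sends its logs, as a reviewer would note it."""
    kinds = {classify(t) for t in forward_targets(config_text)}
    if "internal" in kinds:
        return "PASS"
    if "unresolved" in kinds:
        return "REVIEW: hostname target, resolve it and re-check"
    if kinds:
        return "FAIL: forwards only outside the internal network"
    return "FAIL: logs are only written locally"

# Constructed sample configs for three DMZ hosts.
SAMPLE = {
    "dmz-web01": '*.* action(type="omfwd" target="10.20.1.5" port="6514" protocol="tcp")',
    "dmz-mail01": "# forwarding disabled\n*.* /var/log/messages",
    "dmz-sftp01": "*.* @@192.168.50.9:514",
}

if __name__ == "__main__":
    for host, cfg in SAMPLE.items():
        print(f"{host}: {verdict(cfg)}")
```

A PASS here only shows that a destination is configured; confirming that events actually arrive on the central server is a separate check.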