PCI Requirement 10.2.3 – Access to All Audit Trails

by Randy Bartels / December 20, 2022

Examine Audit Trails: PCI Requirement 10.2.3 requires that organizations implement automated audit trails to reconstruct access to audit trails. What’s the purpose of this? Guidance for PCI Requirement 10.2.3 states, “Malicious users often attempt to alter audit logs to hide their actions, and a record of access allows an organization to trace any inconsistencies or potential tampering of the logs to an individual account. Having access to logs identifying…

PCI Requirement 10.2.2 – All Actions Taken by Any Individual with Root or Administrative Privileges

by Sarah Harvey / December 20, 2022

Root or Administrative Privileges: Accounts that have root or administrative privileges have a greater chance of impacting the security and functionality of a system. This is why PCI Requirement 10.2.2 requires that organizations implement automated audit trails to reconstruct all actions taken by an individual with root or administrative privileges. Without logging mechanisms enabled, how could you trace issues resulting from misuse of root or administrative privileges? To verify…

PCI Requirement 10.2.1 – All Individual User Accesses to Cardholder Data

by Randy Bartels / December 20, 2022

Identifying Which Accounts Have Been Compromised: PCI Requirement 10.2.1 requires that audit trails reconstruct all individual user accesses to cardholder data. What is the purpose of PCI Requirement 10.2.1? The PCI DSS guidance explains, “Malicious individuals could obtain knowledge of a user account with access to systems in the CDE, or they could create a new, unauthorized account in order to access cardholder data. A record of all individual…

PCI Requirement 10.2 – Implement Automated Audit Trails for all System Components to Reconstruct the Events

by Randy Bartels / December 20, 2022

 What Do I Log? Because PCI Requirement 10 requires that logging mechanisms be enabled, we often hear clients ask, “What do I log?” The PCI DSS gives us specific insight into which events need to be logged so that audit trails can provide a history to help identify and trace malicious activities. PCI Requirement 10.2 requires that organizations implement automated audit trails for all system components to reconstruct the…

PCI Requirement 10.1 – Implement Audit Trails to Link All Access to System Components to Each Individual User

by Randy Bartels / December 19, 2022

Audit Trails: PCI Requirement 10.1 is a pretty straightforward requirement. It states, “Implement audit trails to link all access to system components to each individual user.” This means that everything in scope should have logging enabled to allow organizations to track suspicious activity back to a specific user. To verify compliance with PCI Requirement 10.1, an auditor will observe and interview a system administrator to see that audit trails…