PCI Requirement 10.2.4 – Invalid Logical Access Attempts

by Randy Bartels / May 31, 2023

 Is There a Log of That? Invalid logical access attempts are often an indication of a malicious user attempting to access something they don’t have permission to. This is why PCI Requirement 10.2.4 requires that organizations implement automated audit trails to reconstruct invalid logical access attempts. Misspell your password? There should be a log of that. Someone tries to view a file that they don’t have permission to? There…

PCI Requirement 10.2.3 – Access to All Audit Trails

by Randy Bartels / December 20, 2022

Examine Audit Trails: PCI Requirement 10.2.3 requires that organizations implement automated audit trails to reconstruct access to audit trails. What’s the purpose of this? Guidance for PCI Requirement 10.2.3 states, “Malicious users often attempt to alter audit logs to hide their actions, and a record of access allows an organization to trace any inconsistencies or potential tampering of the logs to an individual account. Having access to logs identifying…

PCI Requirement 10.2.2 – All Actions Taken by Any Individual with Root or Administrative Privileges

by Sarah Harvey / December 20, 2022

Root or Administrative Privileges: Accounts that have root or administrative privileges have a greater chance of impacting the security and functionality of a system. This is why PCI Requirement 10.2.2 requires that organizations implement automated audit trails to reconstruct all actions taken by an individual with root or administrative privileges. Without logging mechanisms enabled, how could you trace issues resulting from misuse of root or administrative privileges? To verify…

PCI Requirement 10.2.1 – All Individual User Accesses to Cardholder Data

by Randy Bartels / December 20, 2022

Identifying Which Accounts Have Been Compromised: PCI Requirement 10.2.1 requires that audit trails reconstruct all individual user accesses to cardholder data. What is the purpose of PCI Requirement 10.2.1? The PCI DSS guidance explains, “Malicious individuals could obtain knowledge of a user account with access to systems in the CDE, or they could create a new, unauthorized account in order to access cardholder data. A record of all individual…

PCI Requirement 10.2 – Implement Automated Audit Trails for all System Components to Reconstruct the Events

by Randy Bartels / December 20, 2022

 What Do I Log? Because PCI Requirement 10 requires that logging mechanisms be enabled, we often hear clients ask, “What do I log?” The PCI DSS gives us specific insight into which events need to be logged so that audit trails can provide a history to help identify and trace malicious activities. PCI Requirement 10.2 requires that organizations implement automated audit trails for all system components to reconstruct the…