PCI Requirement 10.5.5 – Use File-Integrity Monitoring or Change-Detection Software on Logs to Ensure that Existing Log Data Cannot be Changed Without Generating Alerts
by Randy Bartels / May 1st, 2018
File-Integrity Monitoring PCI Requirement 10.5.5 requires organizations to use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot…
PCI Requirement 10.5.4 – Write Logs for External-Facing Technologies onto a Secure, Centralized, Internal Log or Media Device
by Sarah Harvey / May 1st, 2018
What is PCI Requirement 10.5.4? Another element to PCI Requirement 10 is PCI Requirement 10.5.4, which requires organizations to write logs for external-facing…
PCI Requirement 10.5.3 – Promptly Back Up Audit Trail Files to a Centralized Log Server or Media that is Difficult to Alter
by Randy Bartels / May 1st, 2018
Prevent Unauthorized Modifications PCI Requirement 10.5.3 asks organizations to promptly back up audit trail files to a centralized log server or media that…
PCI Requirement 10.5.2 – Protect Audit Trail Files from Unauthorized Modifications
by Randy Bartels / May 1st, 2018
Unauthorized vs. Authorized Modifications PCI Requirement 10.5.2 requires organizations to protect audit trail files from unauthorized modifications. What would an unauthorized modification look…
PCI Requirement 10.5.1 – Limit Viewing of Audit Trails to Those with a Job-Related Need
by Randy Bartels / May 1st, 2018
Policy of Least Privileges Protection of audit trails requires strong access controls; once again, the policy of least privileges comes into play. Audit…