Blog

PCI Requirement 10.3.1 – User Identification

by Randy Bartels / December 20, 2022

Who Did What? Where PCI Requirement 10.2 talked about what events should cause a log to be created, PCI Requirement 10.3 defines what information a log should contain. One sub-requirement of PCI Requirement 10.3 relates to user identification in logging. To comply with PCI Requirement 10.3.1, user identification must be included in all log entries. By doing so, an organization can always identify which person performed which action. This…

PCI Requirement 10.3 – Record at Least the Following Audit Trail Entries for All System Components for Each Event

by Randy Bartels / December 20, 2022

Who, What, Where, When, and How Where PCI Requirement 10.2 talked about what events should cause a log to be created, PCI Requirement 10.3 defines what information a log should contain. It requires that organizations record at least the following audit trail entries for all system components for each event: User identification Type of event Date and time Success or failure indication Origination of event Identity or name of…

PCI Requirement 10.2.7 – Creation and Deletion of System-Level Objects

by Randy Bartels / December 20, 2022

What is a System-Level Object? PCI Requirement 10.2.7 requires that audit trails can reconstruct the creation and deletion of system-level objects. The PCI SSC defines a system-level object as anything on a system component that is required for its operation, including but not limited to database tables, stored procedures, application executables and configuration files, system configuration files, static and shared libraries and DLLs, system executables, device drivers and device…

PCI Requirement 10.2.6 – Initialization, Stopping, or Pausing of the Audit Logs

by Randy Bartels / December 20, 2022

What Does the Initialization, Stopping, or Pausing of Audit Logs Indicate? Stopping or pausing audit logs prior to performing malicious activities is a common practice for users hoping to avoid detection, and initialization of audit logs could indicate that the log function was disabled by a user. This is why PCI Requirement 10.2.6 requires that audit trails can reconstruct the initialization, stopping, or pausing of audit logs. To demonstrate…

PCI Requirement 10.2.5 – Use of and Changes to Identification and Authentication Mechanisms and Accounts with Root or Administrative Privileges

by Randy Bartels / December 20, 2022

What is PCI Requirement 10.2.5? PCI Requirement 10.2.5 requires that organizations implement automated audit trails to reconstruct the use of and changes to identification and authentication mechanisms — including but not limited to creation of new accounts and elevation of privileges — and all changes, additions, or deletions to accounts with root or administrative privileges. The guidance on PCI Requirement 10.2.5 explains that without knowing which users were logged…

PCI Requirement 10.3.1 – User Identification

PCI Requirement 10.3 – Record at Least the Following Audit Trail Entries for All System Components for Each Event

PCI Requirement 10.2.7 – Creation and Deletion of System-Level Objects

PCI Requirement 10.2.6 – Initialization, Stopping, or Pausing of the Audit Logs

PCI Requirement 10.2.5 – Use of and Changes to Identification and Authentication Mechanisms and Accounts with Root or Administrative Privileges

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.