PCI Requirement 10.2.5 – Use of and Changes to Identification and Authentication Mechanisms and Accounts with Root or Administrative Privileges

by Randy Bartels / December 20, 2022

What is PCI Requirement 10.2.5?

PCI Requirement 10.2.5 requires that organizations implement automated audit trails to reconstruct the use of and changes to identification and authentication mechanisms — including but not limited to creation of new accounts and elevation of privileges — and all changes, additions, or deletions to accounts with root or administrative privileges. The guidance on PCI Requirement 10.2.5 explains that without knowing which users were logged…

PCI Requirement 10.2.4 – Invalid Logical Access Attempts

by Randy Bartels / May 31, 2023

Is There a Log of That?

Invalid logical access attempts are often an indication of a malicious user attempting to access something they don’t have permission to. This is why PCI Requirement 10.2.4 requires that organizations implement automated audit trails to reconstruct invalid logical access attempts. Misspell your password? There should be a log of that. Someone tries to view a file that they don’t have permission to? There…

PCI Requirement 10.2.3 – Access to All Audit Trails

by Randy Bartels / December 20, 2022

Examine Audit Trails

PCI Requirement 10.2.3 requires that organizations implement automated audit trails to reconstruct access to audit trails. What’s the purpose of this? Guidance for PCI Requirement 10.2.3 states, “Malicious users often attempt to alter audit logs to hide their actions, and a record of access allows an organization to trace any inconsistencies or potential tampering of the logs to an individual account. Having access to logs identifying…

PCI Requirement 10.2.2 – All Actions Taken by Any Individual with Root or Administrative Privileges

by Sarah Harvey / December 20, 2022

Root or Administrative Privileges

Accounts that have root or administrative privileges have a greater chance of impacting the security and functionality of a system. This is why PCI Requirement 10.2.2 requires that organizations implement automated audit trails to reconstruct all actions taken by an individual with root or administrative privileges. Without logging mechanisms enabled, how could you trace issues resulting from misuse of root or administrative privileges? To verify…

PCI Requirement 10.2.1 – All Individual User Accesses to Cardholder Data

by Randy Bartels / December 20, 2022

Identifying Which Accounts Have Been Compromised

PCI Requirement 10.2.1 requires that audit trails reconstruct all individual user accesses to cardholder data. What is the purpose of PCI Requirement 10.2.1? The PCI DSS guidance explains, “Malicious individuals could obtain knowledge of a user account with access to systems in the CDE, or they could create a new, unauthorized account in order to access cardholder data. A record of all individual…