PCI Requirement 10.9 – Ensure Security Policies and Procedures for Monitoring All Access to Network Resources and Cardholder Data are Documented, in Use, and Known to All Affected Parties
by Randy Bartels / May 1st, 2018
Implementing PCI Requirement 10 PCI Requirement 10 states, “Track and monitor all access to network resources and cardholder data.” Complying with PCI Requirement…
PCI Requirement 10.8.1 – Additional Requirement for Service Providers Only: Respond to Failures of Any Critical Security Controls in a Timely Manner
by Randy Bartels / May 1st, 2018
Responding Failures So, you’ve been alerted to failures of critical security controls…what do you do next? PCI Requirement 10.8.1 requires that you respond…
PCI Requirement 10.8 – Additional Requirement for Service Providers Only: Implement a Process for the Timely Detection and Reporting of Failures of Critical Control Systems
by Randy Bartels / May 1st, 2018
Monitoring Failures Without formal processes in place to detect and alert when critical security controls have failed, failures could go undetected for extended…
What is PCI Requirement 10.7 and What is an Audit Trail History?
by Randy Bartels / May 1st, 2018
PCI Compliance and Audit Trail History Now that you’ve implemented logging, what do you do with them? PCI Requirement 10.7 asks that you retain…
PCI Requirement 10.6.3 – Follow Up Exceptions and Anomalies Identified During the Review Process
by Randy Bartels / May 1st, 2018
Follow Up Once an organization has completed log review, they must follow up exceptions and anomalies identified during the review process. The purpose…