PCI Requirement 10.1 is a pretty straightforward requirement. It states, “Implement audit trails to link all access to system components to each individual user.” This means that everything in scope should have logging enabled so that organizations can track suspicious activity back to a specific user. To verify compliance with PCI Requirement 10.1, an auditor will observe and interview a system administrator to see that audit trails are enabled and active for system components and that access to system components is linked to individual users.
PCI Requirement 10.1 is pretty plain and simple. It says that everything that’s in scope should have logging enabled, and that’s kind of the end of the conversation there. From an assessment perspective, we’re going to be looking at your applications; we’re going to be looking at your routers, your firewalls. We’re going to be looking at everything within your environment to make sure that logging is actually enabled.