Who Did What?
Where PCI Requirement 10.2 talked about what events should cause a log to be created, PCI Requirement 10.3 defines what information a log should contain. One sub-requirement of PCI Requirement 10.3 relates to user identification in logging. To comply with PCI Requirement 10.3.1, user identification must be included in all log entries. By doing so, an organization can always identify which person performed which action. This component will help quickly identify and give details related to who contributed to a compromise.
Through interviews and observation, auditors will try to verify that user identification is included in all log entries.
Every log that’s generated must include the identification of the person or the asset that performed the action.