PCI Requirement 10.3.1 – User Identification

Who Did What?

Where PCI Requirement 10.2 addresses which events should cause a log to be created, PCI Requirement 10.3 defines what information a log should contain. One sub-requirement of PCI Requirement 10.3 covers user identification in logging: to comply with PCI Requirement 10.3.1, user identification must be included in all log entries. With it, an organization can always identify which person performed which action, and during an investigation it helps quickly identify, and give details about, who contributed to a compromise.

Through interviews and observation, auditors will try to verify that user identification is included in all log entries.
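One way to run the same check over the logs themselves, as an added example that is not part of the original article: the script flags every entry that carries no usable user or asset identification. The JSON-lines format, the field names `user_id` and `asset_id`, and the placeholder list are assumptions, and the sample entries are constructed.

```python
import json

# Assumed field names; map these to whatever your log schema uses.
ACTOR_FIELDS = ("user_id", "asset_id")
# Values that fill the field without identifying anyone (constructed list).
PLACEHOLDERS = {"", "-", "unknown", "n/a", "null", "none"}


def actor_of(entry):
    """Return the first usable actor identifier in a parsed entry, or None."""
    for field in ACTOR_FIELDS:
        value = entry.get(field)
        if value is None:
            continue
        text = str(value).strip()  # numeric IDs are accepted as well
        if text.lower() not in PLACEHOLDERS:
            return text
    return None


def find_unattributed(lines):
    """Return (line_number, reason) for every entry lacking an actor."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        if not raw.strip():
            continue  # blank line, not a log entry
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((number, "unparseable entry"))
            continue
        if not isinstance(entry, dict):
            findings.append((number, "entry is not an object"))
        elif actor_of(entry) is None:
            findings.append((number, "no user or asset identification"))
    return findings


# Constructed sample log, one JSON object per line.
SAMPLE_LOG = [
    '{"ts": "2024-05-01T10:00:00Z", "event": "login", "user_id": "jdoe"}',
    '{"ts": "2024-05-01T10:00:05Z", "event": "config_change", "user_id": "-"}',
    '{"ts": "2024-05-01T10:00:09Z", "event": "backup", "asset_id": "srv-db-01"}',
    '{"ts": "2024-05-01T10:00:12Z", "event": "file_delete"}',
    '{"ts": "2024-05-01T10:00:15Z", "event": "logout", "user_id": null}',
    'truncated {"ts": "2024-05-01T10:00:20Z"',
]

if __name__ == "__main__":
    for number, reason in find_unattributed(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

Placeholder values and unparseable lines are reported alongside missing fields because all three leave an action without an identifiable actor.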

Video Transcript

Every log that’s generated must include the identification of the person or the asset that performed the action.
