What Type of Event Occurred?
PCI Requirement 10.3 defines what information logs should contain. PCI Requirement 10.3.2, a part of PCI Requirement 10.3, relates to detailing which types of events go into logs. To comply with PCI Requirement 10.3.2, every log that’s generated must contain the type of event that happened during that log event. By doing so, an organization can always identify what type of event occurred and possibly how it occurred.
Through interviews and observation, auditors will try to verify that the type of event is included in log entries.
Every log that’s generated must contain the type of event that happened during that log event.