PCI Requirement 10.3.4 – Success or Failure Indication

PCI Requirement 10.3.4 – Success or Failure Indication

Successful or Not?

According to PCI Requirement 10.3.4, every log that’s generated must contain a success or failure indication to demonstrate whether the action that was taken was successful or not. Most applications are pretty good about logging the failed attempts; however, we find that from an assessment perspective, many organizations struggle with the successful events.

Through interviews and observation, auditors will try to verify that a success or failure indication is included in log entries.

Video Transcript

Each log that’s generated must contain whether the action that was taken was successful or not. Most applications, or most operating systems by default, are pretty good about logging the failed attempts. However, we find that from an assessment perspective, most organizations struggle with the successful events. Whether the event was successful or not, it needs to be logged as part of the event that took place.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *