PCI Requirement 10.3.6 – Identity or Name of Affected Data, System Component, or Resource

by Randy Bartels / May 1st, 2018

Which Assets were Impacted?

In order to identify which assets are impacted by malicious activities, PCI Requirement 10.3.6 requires that every log details the identity or name of affected data, system component, or resource. This will help organizations identify what malicious actions were taken and what the defense was.

Through interviews and observation, auditors will try to verify that the identity or name of affected data, system component, or resource is included in log entries.

Every log that’s generated needs to contain the identity of the asset that was trying to be accessed or manipulated, so that we can identify what was messed with, what was done, or what it was done to as part of the log defense.

BLOG

PCI Requirement 10.3.6 – Identity or Name of Affected Data, System Component, or Resource

Which Assets were Impacted?

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.

BLOG

PCI Requirement 10.3.6 – Identity or Name of Affected Data, System Component, or Resource

Which Assets were Impacted?

Related Posts

Categories

Newsletter