PCI Requirement 10.3 – Record at Least the Following Audit Trail Entries for All System Components for Each Event

by Randy Bartels / May 1st, 2018

Who, What, Where, When, and How

Where PCI Requirement 10.2 talked about what events should cause a log to be created, PCI Requirement 10.3 defines what information a log should contain. It requires that organizations record at least the following audit trail entries for all system components for each event:

User identification
Type of event
Date and time
Success or failure indication
Origination of event
Identity or name of affected data, system component, or resource

The components required by PCI Requirement 10.3 will help quickly identify and give details related to who, what, where, when, and how compromises occur.

Where PCI Requirement 10.2 talked about what events that would cause a log to be created, PCI Requirement 10.3 defines when a log is generated or created, it must contain the following information.

BLOG

PCI Requirement 10.3 – Record at Least the Following Audit Trail Entries for All System Components for Each Event

Who, What, Where, When, and How

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.

BLOG

PCI Requirement 10.3 – Record at Least the Following Audit Trail Entries for All System Components for Each Event

Who, What, Where, When, and How

Related Posts

Categories

Newsletter