Who, What, Where, When, and How
Where PCI Requirement 10.2 talked about what events should cause a log to be created, PCI Requirement 10.3 defines what information a log should contain. It requires that organizations record at least the following audit trail entries for all system components for each event:
- User identification
- Type of event
- Date and time
- Success or failure indication
- Origination of event
- Identity or name of affected data, system component, or resource
The components required by PCI Requirement 10.3 will help quickly identify and give details related to who, what, where, when, and how compromises occur.
Where PCI Requirement 10.2 talked about what events that would cause a log to be created, PCI Requirement 10.3 defines when a log is generated or created, it must contain the following information.