PCI Requirement 10.3 – Record at Least the Following Audit Trail Entries for All System Components for Each Event

by Randy Bartels / May 1st, 2018

Who, What, Where, When, and How

Where PCI Requirement 10.2 talked about what events should cause a log to be created, PCI Requirement 10.3 defines what information a log should contain. It requires that organizations record at least the following audit trail entries for all system components for each event:

  • User identification
  • Type of event
  • Date and time
  • Success or failure indication
  • Origination of event
  • Identity or name of affected data, system component, or resource

The components required by PCI Requirement 10.3 will help quickly identify and give details related to who, what, where, when, and how compromises occur.

Where PCI Requirement 10.2 talked about what events that would cause a log to be created, PCI Requirement 10.3 defines when a log is generated or created, it must contain the following information.