PCI Requirement 10.5 – Secure Audit Trails so They Cannot Be Altered
Protecting the Integrity of Audit Trails
Now that you’ve complied with other PCI Requirement 10 standards and have established audit trails, that information needs to be secured. Audit trails contain all the correct information about events and incidents, so malicious individuals will often seek to alter audit trails to hide their actions. PCI Requirement 10.5 requires that you secure audit trails so they cannot be altered. Your organization must protect the completeness, accuracy, and integrity of audit trails.
To meet PCI Requirement 10.5, organizations must limit access to audit trails to personnel with business-related needs, protect audit trails from unauthorized modifications, back up audit trail files on a centralized server, write logs for external-facing technologies onto a centralized, internal log server, and use file-integrity monitoring.
Now that we have all of this log material created, it contains all of the correct information that we’ve looked for, and it’s logging all of the correct events, we want to make sure that individuals with malintent, or even by accident, cannot modify these logs in an unauthorized way. There are several requirements that get called out about how we would do that.