| Requirement | | | | |
|---|---|---|---|---|
| 10.1 Implement audit trails to link all access to system components to each individual user. | | 4 | 4 | |
| 10.2 Implement automated audit trails for all system components. | 7 | | 2 | |
| 10.2.1 All individual user accesses to cardholder data. | | 4 | 4 | |
| 10.2.2 All actions taken by any individual with root or administrative privileges. | | | | |
| 10.2.3 Access to all audit trails. | | 1 | 1 | |
| 10.2.4 Invalid logical access attempts. | | 4 | 4 | |
| 10.2.5 Use of and changes to identification and authentication mechanisms. | | 1 | 1 | |
| 10.2.6 Initialization, stopping, or pausing of the audit logs. | | | | |
| 10.2.7 Creation and deletion of system level objects. | | 1 | 1 | |
| 10.3 Record audit trail entries for all system components for each event. | 6 | | | |
| 10.3.1 User identification. | | | | |
| 10.3.2 Type of event. | | | | |
| 10.3.3 Date and time. | | | 1 | |
| 10.3.4 Success or failure indication. | | | 1 | |
| 10.3.5 Origination of event. | | | 1 | |
| 10.3.6 Identity or name of affected data, system component, or resource. | | | 1 | |
| 10.4 Using time-synchronization technology, synchronize all critical system clocks and times. | 3 | | | |
| 10.4.1 Critical systems have the correct and consistent time. | | | | |
| 10.4.2 Time data is protected. | | | | |
| 10.4.3 Time settings are received from industry-accepted time sources. | | | | |
| 10.5 Secure audit trails so they cannot be altered. | 5 | 2 | 2 | |
| 10.5.1 Limit viewing of audit trails to those with a job-related need. | | | | |
| 10.5.2 Protect audit trail files from unauthorized modifications. | | 2 | 4 | |
| 10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter. | | | | |
| 10.5.4 Write logs for external-facing technologies onto a secure, centralized, internal log server or media device. | | | | |
| 10.5.5 Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts. | | 1 | 1 | |
| 10.6 Review logs and security events for all system components to identify anomalies or suspicious activity. | 3 | | | |
| 10.6.1 Review security events and critical system component logs at least daily. | | | | |
| 10.6.2 Review logs of all other system components periodically based on the organization's policies and risk management strategy, as determined by the organization's annual risk assessment. | | | 1 | |
| 10.6.3 Follow up exceptions and anomalies identified during the review process. | | | | |
| 10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis. | | | | |
| 10.8 Implement a process for the timely detection and reporting of failures of critical security control systems. | 1 | | | |
| 10.8.1 Respond to failures of any critical security controls in a timely manner. | | | | |
| 10.9 Ensure that security policies and operational procedures for monitoring all access to network resources and cardholder data are documented, in use, and known to all affected parties. | | | | |