Skip to main content

💼 10 Log and Monitor All Access to System Components and Cardholder Data

Contextual name: 💼 10 Log and Monitor All Access to System Components and Cardholder Data
ID: /frameworks/pci-dss-v4.0/10
Located in: 💼 PCI DSS v4.0

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 10.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented.	2
💼 10.1.1 All security policies and operational procedures identified in Requirement 10 are documented, kept up to date, in use, and known to all affected parties.
💼 10.1.2 Roles and responsibilities for performing activities in Requirement 10 are documented, assigned, and understood.
💼 10.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.	2
💼 10.2.1 Audit logs are enabled and active for all system components and cardholder data.	7		2
💼 10.2.1.1 Audit logs capture all individual user access to cardholder data.			4
💼 10.2.1.2 Audit logs capture all actions taken by any individual with administrative access, including any interactive use of application or system accounts.
💼 10.2.1.3 Audit logs capture all access to audit logs.			1
💼 10.2.1.4 Audit logs capture all invalid logical access attempts.			4
💼 10.2.1.5 Audit logs capture all changes to identification and authentication credentials.			1
💼 10.2.1.6 Audit logs capture all initialization of new audit logs, starting, stopping, or pausing of the existing audit logs.
💼 10.2.1.7 Audit logs capture all creation and deletion of system-level objects.
💼 10.2.2 Audit logs record the described details for each auditable event.
💼 10.3 Audit logs are protected from destruction and unauthorized modifications.	4
💼 10.3.1 Read access to audit logs files is limited to those with a job-related need.
💼 10.3.2 Audit log files are protected to prevent modifications by individuals.			4
💼 10.3.3 Audit log files, including those for external-facing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify.
💼 10.3.4 File integrity monitoring or change-detection mechanisms is used on audit logs to ensure that existing log data cannot be changed without generating alerts.			1
💼 10.4 Audit logs are reviewed to identify anomalies or suspicious activity.	3
💼 10.4.1 The audit logs are reviewed at least once daily.	1
💼 10.4.1.1 Automated mechanisms are used to perform audit log reviews.
💼 10.4.2 Logs of all other system components are reviewed periodically.	1		1
💼 10.4.2.1 The frequency of periodic log reviews for all other system components is defined in the entity's targeted risk analysis.
💼 10.4.3 Exceptions and anomalies identified during the review process are addressed.
💼 10.5 Audit log history is retained and available for analysis.	1
💼 10.5.1 Retain audit log history for at least 12 months, with at least the most recent three months immediately available for analysis.
💼 10.6 Time-synchronization mechanisms support consistent time settings across all systems.	3
💼 10.6.1 System clocks and time are synchronized using time-synchronization technology.
💼 10.6.2 Systems are configured to the correct and consistent time.
💼 10.6.3 Time synchronization settings and data are protected.
💼 10.7 Failures of critical security control systems are detected, reported, and responded to promptly.	3
💼 10.7.1 Failures of critical security control systems are detected, alerted, and addressed promptly.
💼 10.7.2 Failures of critical security control systems are detected, alerted, and addressed promptly.
💼 10.7.3 Failures of any critical security controls systems are responded to promptly.

Description
Similar
Sub Sections