Logging – Which controls of PCI DSS SAQ D requirements do they address?
Requirements 10.2, 10.3, also 10.5 upto 10.5.7 deal with logging of events and retention of those events for 365 days. Logging is necessary,
- For retention of audit trail history for at least one year, with a minimum of three months immediately available of analysis
- For reviewing of all system functions
- To go back for verifications
- For thorough parsing in case of a breach
- For invalid login attempts
- For user identification
- For identification of affected data for each audit trail entry
- Type of event, date and time
Omega ATC’s customers who are using our security services are finding this to be a critical aspect of data security and for providing proof to their auditors who certify a retailer’s compliance status. Contact firstname.lastname@example.org.