PCI DSS Requirement 10: Logging and Monitoring – Why the fuss and fret?

  • Team Omega
  • August 28, 2013

Logs play a pivotal role in PCI DSS: they are crucial to discovering possible threats, vulnerabilities, and breaches, and to mitigating and remediating those breaches. The fuss is also about satisfying the requirements of every sub-section of this control, plus reviewing and parsing the logs, producing reports following each log activity, and maintaining all of these logs and reports for 365 days.

This can be overwhelming for a retailer who needs to go through an audit every year. Unfortunately, Level 1 and Level 2 merchants do not have a choice. PCI DSS mandates this piece because it is one of the most important PCI DSS controls needed for PCI compliance and for securing customers' data. In addition, collecting these logs and reports, along with the evidence that the collection has been ongoing for a year, is critical.

So, what is a retailer supposed to do with so many details to think of for just one control?