Req 10: Log and Monitor All Access to System Components and Cardholder Data
Track user activities with audit trails.
Responsibility: Shared
Compliance Status: In Progress (50%)
Overview
Logging and monitoring are critical for detecting, preventing, and minimizing the impact of a data compromise. This requirement ensures that audit trails are created and reviewed for all system components.
Key Actions for Compliance
A non-exhaustive list of actions your organization should take to meet this requirement.
- Implement automated audit trails to reconstruct all actions related to cardholder data.
- Review logs and security events for all system components to identify anomalies or suspicious activity.
- Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
- Synchronize all critical system clocks and times.
Testing Procedures (Simplified)
How auditors may verify that this requirement is met.
- Examine system settings to verify that logging is enabled for all system components.
- Review logs to ensure they contain the required information to track user activities.
- Interview personnel to confirm that logs are reviewed regularly and that procedures are in place to respond to anomalies.