Payment Card Industry – Data Security Standards (PCI-DSS) Compliance Reports
If an organization stores, transmits, or processes customer credit card data, it must observe the Payment Card Industry - Data Security Standards (PCI-DSS) guidelines. SureLog ensures compliance of the policy’s 10th section, which mandates payment service providers and merchants to track and report on all access to their network resources and cardholder data using system activity logs. The use and presence of system logs allow forensic analysis to pin-point the exact cause of an error or break in the networked environment. Without system activity logs, it is difficult to determine the exact cause of a compromise.
SureLog covers the following PCI-DSS Requirements:
PCI-DSS Requirements 10.1 and 10.2.2 - User Access
- Individual User Action
PCI-DSS Requirements 10.2.1 and 10.2.3 - Logon
- Successful User Logons
- Successful User Logoffs
- Unsuccessful User Logons
- Terminal Service Session
PCI-DSS Requirements 10.2.3 - Policy Changes
- User Policy Changes
- Domain Policy Changes
- Audit Policy Changes
PCI-DSS Requirements 10.2.6 - System Events
- System Logs
- Audit Logs Cleared
PCI-DSS Requirements 10.2.7 - Object Access
- Object Accessed
- Object Created
- Object Modified
- Object Deleted
- Object Handle