PCI DSS Requirement 10


PCI DSS Requirement 10: Track and Monitor all access to network resources and cardholder data



Logging and Monitoring



Requirements Addressed

Requirement 10: Track and monitor all access to network resources and cardholder data.

10.1: Verify, through observation, monitoring, and interviewing the system administrator, that:

- Audit trails are enabled and active for system and file components.

- Access to system components and files is linked to individual users.


10.2: Implement automated audit trails for all system components.

- Elevation of privileges must be logged.

- Changes, additions or deletions to root or admin accounts must be logged.

- The start, pausing and stopping of audit logs must be captured.


10.2.1: Verify that all individual access to cardholder data is logged.

10.2.2: Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user.

10.3: Record at least the following audit trail entries for all system components for each event:

- User identification

- Type of event

- Date and time

- Success or failure identification

- Origination of event

- Identity or name of affected data, system component, or resource

10.5.3: Promptly back up audit trail files to a centralised log server or media that is difficult to alter.

10.5.5: Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts.

- Block unauthorised writes to log data and critical files. Ensure only authorised processes write to log data and critical files.

- Custom rules for log files and log directories can be used to ensure protection of the full scope of critical files.
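
The change-detection idea in 10.5.5 for a log that is expected to grow, as an added example (not from the original page or from any product it describes): the check baselines the log's size and SHA-256, then tells normal appends apart from changes to entries that already existed. The file name `audit.log`, the function names and the sample log lines are constructed for illustration.

```python
import hashlib
import os
import tempfile

def _prefix_hash(path, length):
    """SHA-256 of the first `length` bytes of the file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0:
            chunk = f.read(min(65536, length))
            if not chunk:  # file shrank while it was being read
                break
            digest.update(chunk)
            length -= len(chunk)
    return digest.hexdigest()

def snapshot(path):
    """Baseline: current size and hash of everything logged so far."""
    size = os.path.getsize(path)
    return {"size": size, "sha256": _prefix_hash(path, size)}

def check(path, baseline):
    """Classify the log; anything but 'unchanged' or 'appended' should alert."""
    if not os.path.exists(path):
        return "missing"
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "truncated"
    if _prefix_hash(path, baseline["size"]) != baseline["sha256"]:
        return "modified"
    return "appended" if size > baseline["size"] else "unchanged"

def demo():
    # Constructed log in a temporary directory; no real system file is touched.
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "audit.log")  # hypothetical log file
        with open(path, "wb") as f:
            f.write(b"09:00 alice login ok\n09:01 bob login fail\n")
        base = snapshot(path)
        results.append(check(path, base))
        with open(path, "ab") as f:  # normal logging: new entry appended
            f.write(b"09:02 bob login ok\n")
        results.append(check(path, base))
        with open(path, "r+b") as f:  # existing entry overwritten in place
            f.write(b"09:00 carol")
        results.append(check(path, base))
        with open(path, "wb") as f:  # earlier entries removed
            f.write(b"09:02 bob login ok\n")
        results.append(check(path, base))
    return results
```

Log rotation also shows up as `truncated` or `missing`, so the baseline has to be retaken as part of the rotation job rather than treated as an unexplained alert.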


10.7: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from backup).

10.8: Ensure that security policies and operational procedures for monitoring all access to network resources and cardholder data are documented, in use, and known to all affected parties.



Solution Features



> WAF (Web Application Firewall)

- A WAF can be a single point of entry to all network resources and can therefore log and track all user activity and transactions.

- Critical user activity events can be intercepted and alerts raised to admin / management.

- Diagnostic and debugging tools monitor and provide recommendations on the best rules to enforce security, through a heuristic / learning mode.

- Most commonly used in test phases before production deployment.


> NAC (Network Access Control)

- Tracking and reporting all network access attempts – successful and unsuccessful.
 

> Email and Web security appliances

- Logging all access and actions taken by any user of the email system, administrator or otherwise.

- Logging whenever cardholder data is emailed, moved or copied from a PC to removable storage.

- Providing an audit log of all accesses and actions taken by any user of the systems, administrator or otherwise on Email and Web appliances.

- Providing an FTP backup mechanism for all logs, including the audit log - using Email and Web appliances.



- Allowing the ability to actively monitor system and file components proactively and maintain audit trails of associated events. The lightweight sensor continuously monitors and records every endpoint in the enterprise building and storing audit trails for system and file components.



- Records of execution, file system modifications, registry modifications, network connections, and a copy of every unique binary executed on an enterprise machine.









