Sub-Requirement 10.2.1, 10.2.2 and 10.2.4

10.2 Implement automated audit trails for all system components to reconstruct the following events:

  • 10.2.1 All individual user accesses to cardholder data
  • 10.2.2 All actions taken by any individual with root or administrative privileges
  • 10.2.4 Invalid logical access attempts

Illustrative Controls and the TIBCO LogLogic Solution

To satisfy this requirement, administrators must assess the authentication mechanisms used to validate user credentials (new and existing) to support the validity of transactions. Server and application activities must be monitored for failed access attempts, as they can represent malicious activities. Administrators must monitor and verify all user access to programs and data, and all access to cardholder data (that includes the full PAN – Primary Account Number) must be logged.

Reports and Alerts

  • Use the following link/reference to see the 10.2.1 and 10.2.2 reports and alerts: 10.2.1 and 10.2.2 on page 135.
  • Use the following link/reference to see the 10.2.4 and alerts: 10.2.4 on page 137.