
SM-03 Audit Logging: Cardholder Data Environment Activity

>Control Description

The organization logs the following activity for the cardholder data environment:
• individual user access to cardholder data
• administrative actions
• access to logging servers
• failed logins
• modifications to authentication mechanisms and user privileges
• initialization, stopping, or pausing of the audit logs
• creation and deletion of system-level objects
• security events
• logs of all system components that store, process, transmit, or could impact the security of cardholder data (CHD) and/or sensitive authentication data (SAD)
• logs of all critical system components
• logs of all servers and system components that perform security functions (e.g., firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.)

Theme: Technology

Type: Detective

Policy/Standard: Logging & Monitoring Standard

>Implementation Guidance

1. Ensure that the following activity types (a. through h.) and log sources (i. through k.) are forwarded to and retained in the SIEM tool:
a. individual user access to cardholder data
b. administrative actions
c. access to logging servers
d. failed logins
e. modifications to authentication mechanisms and user privileges
f. initialization, stopping, or pausing of the audit logs
g. creation and deletion of system-level objects
h. security events
i. logs of all system components that store, process, transmit, or could impact the security of cardholder data (CHD) and/or sensitive authentication data (SAD)
j. logs of all critical system components
k. logs of all servers and system components that perform security functions (e.g., firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.)

>Testing Procedure

1. Inspect SIEM logs for a sample of in-scope production servers to validate that the following activity types (a. through h.) and log sources (i. through k.) are being logged. The sample should include at least one system from each source class listed in i. through k. (a CHD/SAD-handling component, a critical component, and a component performing a security function), since the activity types that can be evidenced differ by class:
a. individual user access to cardholder data
b. administrative actions
c. access to logging servers
d. failed logins
e. modifications to authentication mechanisms and user privileges
f. initialization, stopping, or pausing of the audit logs
g. creation and deletion of system-level objects
h. security events
i. logs of all system components that store, process, transmit, or could impact the security of cardholder data (CHD) and/or sensitive authentication data (SAD)
j. logs of all critical system components
k. logs of all servers and system components that perform security functions (e.g., firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.)
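The following script is an added example, not part of this control page or of any vendor's SIEM, that automates the kind of coverage check the implementation guidance and testing procedure above call for: it classifies syslog-style lines into the control's activity types and reports, per in-scope host, which types have no evidence at all, including hosts that send nothing. The host inventory, host roles, classification patterns and all sample log lines are constructed for the example; in a real environment the patterns would be replaced by the SIEM's own parsers or saved searches and the inventory by the CDE asset list.

```python
"""Coverage check for the SM-03 activity types over syslog-style log lines.

Example code written for this page (not the control's or any product's own).
Hosts, roles, rules and sample lines are assumptions made for the demonstration.
"""
import re
from collections import defaultdict

# Activity types every in-scope host must evidence (items b, d, e, f, g, h).
BASE = {"failed_login", "admin_action", "auth_change",
        "audit_log_state", "system_object", "security_event"}
# Role-specific types: a (access to CHD) only applies to components that hold
# CHD, c (access to logging servers) only to the logging servers themselves.
ROLE_EXTRA = {"chd": {"chd_access"}, "logserver": {"log_server_access"}}

# Hypothetical in-scope inventory: host -> roles (assumption for the example).
HOSTS = {
    "pay-app-01": {"chd"},
    "pay-db-01": {"chd"},
    "siem-01": {"logserver"},
    "fw-01": set(),   # in scope but silent in the sample: a common real finding
}

# "Mon DD HH:MM:SS host prog[pid]: message" (classic BSD syslog layout).
LINE_RE = re.compile(
    r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) "
    r"(?P<prog>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Illustrative classification rules applied to "prog: message". A line may hit
# several rules (e.g. sudo running usermod is both b. and e.).
RULES = [
    (re.compile(r"Failed password|authentication failure"), "failed_login"),
    (re.compile(r"^sudo: .*COMMAND="), "admin_action"),
    (re.compile(r"\b(useradd|usermod|userdel|passwd|chage)\b|password changed"),
     "auth_change"),
    (re.compile(r"^auditd: .*(exiting|starting|suspend)|audit_enabled=0"),
     "audit_log_state"),
    (re.compile(r"\b(table|service|module|database)\b.*\b(created|deleted|dropped)\b"
                r"|\b(created|deleted|dropped)\b.*\b(table|service|module|database)\b"),
     "system_object"),
    (re.compile(r"\b(ALERT|alert|intrusion|malware)\b"), "security_event"),
    (re.compile(r"\bcardholder\b|\bpan_last4="), "chd_access"),
]


def classify(roles, prog, msg):
    """Return the set of activity types a single line evidences."""
    text = f"{prog}: {msg}"
    cats = {cat for rx, cat in RULES if rx.search(text)}
    # A successful SSH login on a logging server is "access to logging servers".
    if "logserver" in roles and re.match(r"^sshd: Accepted ", text):
        cats.add("log_server_access")
    return cats


def check_coverage(lines, hosts=HOSTS):
    """Map each in-scope host to the activity types it has NOT evidenced.

    Also returns lines that could not be parsed and hosts seen that are not in
    the inventory, both of which an assessor would want to chase separately.
    """
    seen = defaultdict(set)
    unparsed, unknown = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        host = m["host"]
        if host not in hosts:
            unknown.add(host)
            continue
        seen[host] |= classify(hosts[host], m["prog"], m["msg"])
    missing = {}
    for host, roles in hosts.items():
        required = BASE | set().union(*(ROLE_EXTRA[r] for r in roles))
        missing[host] = sorted(required - seen[host])
    return {"missing": missing, "unparsed": unparsed,
            "unknown_hosts": sorted(unknown)}


# Constructed sample lines (not real logs). pay-app-01 covers every type,
# pay-db-01 and siem-01 only some, fw-01 sends nothing.
SAMPLE_LINES = [
    "Jan 10 09:00:01 pay-app-01 sshd[811]: Failed password for invalid user admin from 10.1.2.3 port 51022 ssh2",
    "Jan 10 09:00:07 pay-app-01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/usermod -aG wheel bob",
    "Jan 10 09:01:00 pay-app-01 auditd[612]: Audit daemon is exiting.",
    "Jan 10 09:02:10 pay-app-01 cardvault[2011]: schema change: table cards_archive created by dba",
    "Jan 10 09:02:30 pay-app-01 suricata[700]: ALERT sid=2100498 msg=\"GPL ATTACK_RESPONSE id check returned root\" src=10.1.2.3 dst=10.0.0.10",
    "Jan 10 09:03:00 pay-app-01 cardvault[2011]: user=alice action=read cardholder record=77812 pan_last4=1234",
    "Jan 10 09:04:00 pay-db-01 sshd[5221]: Failed password for root from 10.9.9.9 port 4000 ssh2",
    "Jan 10 09:04:30 pay-db-01 sudo: dba : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl restart postgresql",
    "Jan 10 09:05:00 dev-box-07 sshd[99]: Failed password for test from 10.2.2.2 port 1 ssh2",
    "Jan 10 09:10:00 siem-01 sshd[301]: Accepted publickey for analyst from 10.0.5.5 port 50122 ssh2",
    "Jan 10 09:10:05 siem-01 sshd[301]: Failed password for analyst from 10.0.5.5 port 50100 ssh2",
    "not a syslog line",
]

if __name__ == "__main__":
    report = check_coverage(SAMPLE_LINES)
    for host, gaps in report["missing"].items():
        print(f"{host}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
    print("unparsed:", report["unparsed"])
    print("hosts not in inventory:", report["unknown_hosts"])
```

The point of splitting BASE from ROLE_EXTRA is that items a. and c. cannot be evidenced on every host: a database server that never holds CHD will never emit a CHD-access event, and only the logging servers can show who logged into them, so a naive "every host must show every type" check produces false findings. A host that is in the inventory but absent from the logs (fw-01 here) shows every type as missing, which is the finding an assessor most wants surfaced, and lines from hosts outside the inventory (dev-box-07) are reported rather than silently counted, since they often mean the CDE scope or the forwarding configuration is wrong.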

>Audit Artifacts

E-SM-01
E-SM-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
