
SM-05 Audit Logging: Service Provider Logging Requirements

Control Description

Organization establishes unique logging and audit trails for each entity's cardholder data environment and complies with the following:
• logs are enabled for third-party applications
• logs are active by default
• logs are available for review by and communicated to the owning entity

Theme

Technology

Type

Detective

Policy/Standard

Logging & Monitoring Standard

Implementation Guidance

1. Establish a process that ensures that Organization's audit trails/audit logs:
• are enabled for each and every third-party application for every entity
• are active by default
2. Establish a process in the Organization's logging and monitoring mechanism which ensures that logs are reviewed periodically and on a need-to-do basis. Additionally, the same shall be communicated to the concerned stakeholders.

Testing Procedure

1. Inspect Organization's audit trails/audit logs for:
• each and every third-party application for every entity
• logs are active by default
2. Inspect Organization's logging and monitoring mechanism to ensure that logs are reviewed periodically and on a need-to-do basis. Additionally, validate whether the same is being communicated to the concerned stakeholders.

Audit Artifacts

E-SM-01
E-SM-03

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
