10.2.1.1 Audit logs capture all individual user access to cardholder data.
Defined Approach Requirements
10.2.1.1 Audit logs capture all individual user access to cardholder data.
Customized Approach Objective
Records of all individual user access to cardholder data are captured.
Defined Approach Testing Procedures
10.2.1.1 Examine audit log configurations and log data to verify that all individual user access to cardholder data is logged.
Purpose
It is critical to have a process or system that links user access to system components accessed. Malicious individuals could obtain knowledge of a user account with access to systems in the CDE, or they could create a new, unauthorized account to access cardholder data.
Good Practice
A record of all individual access to cardholder data can identify which accounts may have been compromised or misused.
Purpose
Log all individual user access to cardholder data.
Compliance Strategies
- Enable access logging
- Unique user IDs
Typical Policies
- Access Logging Policy
Common Pitfalls
- Shared accounts
- Missing user attribution
Type
Technical Control
Difficulty
Moderate
Key Risks
- Untraceable data access
Recommendations
- Enforce unique logins for all system access
Eligible SAQ
- SAQ-A-EP
- SAQ-D MERCHANT
- SAQ-D SERVICE PROVIDER