WithPCI.com

10.2.1.3 Audit logs capture all access to audit logs.

Original requirement from PCI DSS v4.0.1

Defined Approach Requirements

10.2.1.3 Audit logs capture all access to audit logs.

Customized Approach Objective

Records of all access to audit logs are captured.

Defined Approach Testing Procedures

10.2.1.3 Examine audit log configurations and log data to verify that access to all audit logs is captured.

Purpose

Malicious users often attempt to alter audit logs to hide their actions. A record of access allows an organization to trace any inconsistencies or potential tampering of the logs to an individual account. Having logs identify changes, additions, and deletions to the audit logs can help retrace steps made by unauthorized personnel.

purpose

Log access to audit trails to prevent tampering.

compliance strategies

  • Log access monitoring
  • Immutable storage

typical policies

  • Audit Trail Access Policy

common pitfalls

  • No monitoring of log access
  • Logs can be altered

type

Technical Control

difficulty

High

key risks

  • Log tampering or deletion

recommendations

  • Use WORM storage or cloud immutability

Eligible SAQ

  • SAQ-A-EP
  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
