WithPCI.com

10.2.1.4 Audit logs capture all invalid logical access attempts.

Original requirement from PCI DSS v4.0.1

Defined Approach Requirements

10.2.1.4 Audit logs capture all invalid logical access attempts.

Customized Approach Objective

Records of all invalid access attempts are captured.

Defined Approach Testing Procedures

10.2.1.4 Examine audit log configurations and log data to verify that invalid logical access attempts are captured.

Purpose

Malicious individuals will often perform multiple access attempts on targeted systems. Multiple invalid login attempts may be an indication of an unauthorized user's attempt to "brute force" or guess a password.

purpose

Log invalid logical access attempts.

compliance strategies

  • Failed login logging
  • Alerting on brute force

typical policies

  • Access Attempt Logging Policy

common pitfalls

  • No alerts for repeated failures
  • Missed brute force attacks

type

Technical Control

difficulty

Moderate

key risks

  • Account compromise via brute force

recommendations

  • Integrate SIEM with alerting rules

Eligible SAQ

  • SAQ-A-EP
  • SAQ-C
  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
