10.2.1.7 Audit logs capture all creation and deletion of system-level objects.
Defined Approach Requirements
10.2.1.7 Audit logs capture all creation and deletion of system-level objects.
Customized Approach Objective
Records of alterations that indicate a system has been modified from its intended functionality are captured.
Defined Approach Testing Procedures
10.2.1.7 Examine audit log configurations and log data to verify that creation and deletion of system-level objects is captured.
Purpose
Malicious software, such as malware, often creates or replaces system-level objects on the target system to control a particular function or operation on that system. By logging when system-level objects are created or deleted, it will be easier to determine whether such modifications were authorized.
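A minimal file-integrity check illustrating the logging this requirement asks for, added here as an example and not part of the PCI DSS text or any FIM product: it hashes a baseline of a directory, re-snapshots it, and emits one audit record per created, deleted or modified object. The directory contents and the `demo()` scenario are constructed inside a temporary directory; real deployments would baseline system paths such as `/bin` or `/etc` and ship the records to a central log.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def snapshot(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                with open(full, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
                state[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return state

def diff_snapshots(baseline, current):
    """Audit events for objects created, deleted or modified since baseline."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            events.append({"event": "created", "object": path, "sha256": current[path]})
        elif path not in current:
            events.append({"event": "deleted", "object": path, "sha256": baseline[path]})
        elif baseline[path] != current[path]:
            events.append({"event": "modified", "object": path,
                           "old_sha256": baseline[path], "new_sha256": current[path]})
    return events

def format_log_lines(events, ts=None):
    """One JSON record per event, timestamped, ready for a log shipper."""
    ts = ts or datetime.now(timezone.utc).isoformat()
    return [json.dumps({"ts": ts, **e}, sort_keys=True) for e in events]

def demo():
    """Constructed scenario in a temp dir: one create, one delete, one modify."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for name, data in (("bin/ls", b"original"), ("bin/cp", b"cp")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "bin/newtool"), "wb") as f:  # created
            f.write(b"new")
        os.remove(os.path.join(root, "bin/cp"))                   # deleted
        with open(os.path.join(root, "bin/ls"), "wb") as f:       # modified
            f.write(b"replaced")
        return diff_snapshots(baseline, snapshot(root))
```

Printing `format_log_lines(demo())` yields three JSON audit lines; the "deleted" record is the case the pitfalls list above flags as commonly missed, and only a retained baseline makes it detectable.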
Purpose
Log creation and deletion of system-level objects.
Compliance Strategies
- Object change logging
- File integrity monitoring (FIM)
Typical Policies
- System Object Logging Policy
Common Pitfalls
- No FIM in place
- Missed object deletions
Type
Technical Control
Difficulty
Moderate
Key Risks
- Unauthorized system changes
Recommendations
- Deploy FIM tools (Tripwire, OSSEC)
Eligible SAQ
- SAQ-A-EP
- SAQ-D MERCHANT
- SAQ-D SERVICE PROVIDER