10.4.2 Logs of all other system components are reviewed periodically
Defined Approach Requirements
10.4.2 Logs of all other system components (those not specified in Requirement 10.4.1) are reviewed periodically.
Customized Approach Objective
Potentially suspicious or anomalous activities for other system components (not included in 10.4.1) are reviewed in accordance with the entity's identified risk.
Applicability Notes
This requirement is applicable to all other in-scope system components not included in Requirement 10.4.1.
Defined Approach Testing Procedures
10.4.2.a Examine security policies and procedures to verify that processes are defined for reviewing logs of all other system components periodically.
10.4.2.b Examine documented results of log reviews and interview personnel to verify that log reviews are performed periodically.
Purpose
Periodic review of logs for all other system components (not specified in Requirement 10.4.1) helps to identify indications of potential issues or attempts to access critical systems via less-critical systems.
Sub-Requirements
purpose
Ensure timely response to exceptions and anomalies in logs.
compliance strategies
- Incident response procedures
- Escalation workflow
typical policies
- Incident Response Policy
common pitfalls
- Slow response to log alerts
- Untracked escalations
type
Process Control
difficulty
Moderate
key risks
- Prolonged breaches
recommendations
- Automate escalation and tracking
Eligible SAQ
- SAQ-A-EP
- SAQ-C
- SAQ-D MERCHANT
- SAQ-D SERVICE PROVIDER