
10.5 Audit log history is retained and available for analysis.

This requirement focuses on ensuring that audit log history is properly retained and readily available for analysis. Maintaining historical log data is essential for investigating security incidents and understanding the scope and timeline of potential breaches.

Sub-requirements

10.5. Audit logs are retained as required.

Ensure that audit logs are retained for at least 12 months, with at least three months immediately available for analysis.

Sub-requirements: 1
Test Points: 3
Implementation Difficulty: Moderate (3.0)

Control Types

Technical: 1
Process: 1

Key Risks

Loss of evidence for investigations
Non-compliance with retention requirements

Frequently Asked Questions

How long must audit logs be retained?

At least 12 months, with three months immediately available for analysis.

Why is log retention important?

It ensures logs are available for investigations, audits, and compliance validation.

How are logs made immediately available?

By storing them in a central, accessible location with appropriate access controls.

What are the risks of not retaining logs?

Inability to investigate incidents or demonstrate compliance.

How is log retention enforced?

Through automated retention policies and regular audits.

Common QSA Questions

Can you show your log retention configuration and evidence?

Yes, we have retention policies and logs demonstrating compliance with PCI DSS requirements.

How are logs made available for analysis?

They are stored in a central SIEM or log management system with authorized access.

How do you ensure logs are not deleted prematurely?

We use automated retention controls and monitor for any unauthorized deletions.
