10.7 Failures of critical security control systems are detected, reported, and responded to promptly.
This requirement focuses on ensuring that failures of critical security control systems are promptly detected, reported, and addressed. Timely response to security control failures is essential to prevent potential security breaches and data compromises.
Sub-requirements
10.7. Logging and monitoring controls are maintained and reviewed.
Ensure that logging and monitoring controls are reviewed and maintained, and that evidence of those reviews is retained.
Key Risks
Frequently Asked Questions
How often should logging controls be reviewed?
At least annually, or after significant changes to systems or processes.
What should be reviewed?
Changes to log settings, failures in log collection, and evidence of review and follow-up.
How is evidence of review retained?
Through review logs, tickets, or sign-off records.
What are common mistakes with logging control reviews?
Missed reviews, lack of documentation, and failure to act on identified issues.
Why is ongoing review important?
To ensure logging controls are effective and to quickly detect and resolve any issues.
Common QSA Questions
Can you show evidence of logging control reviews?
Yes, we maintain records of all reviews, findings, and follow-up actions.
How are changes to log settings managed?
Through change management processes and regular audits.
How do you handle failures in log collection?
We monitor for failures, generate alerts, and investigate and resolve issues promptly.
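One way to put the last answer into practice is a "silent source" check: the collector keeps the time of the most recent event from each expected log source and raises an alert when a source has been quiet longer than its allowed interval, or has never reported at all. The script below is an added example written for this page, not PCI SSC material or code from any particular SIEM or collector. The source names, silence thresholds, log-line format and the fixed clock value are all constructed for illustration; in a real deployment the last-seen table would come from the collector or SIEM and the alert line would go to the ticketing or paging system that the review evidence in 10.7 is meant to cover.

```python
"""Silent-log-source detection for log collection failures.

Added example, not PCI SSC text or any vendor's tool. Source names,
thresholds, log lines and the clock value are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# Expected log sources and the longest silence each may show before it is
# treated as a collection failure (constructed thresholds, an assumption).
EXPECTED_SOURCES = {
    "fw-edge-01": timedelta(minutes=5),
    "ids-core-01": timedelta(minutes=10),
    "db-cardholder-01": timedelta(minutes=15),
    "app-payment-01": timedelta(minutes=5),
}

# Constructed sample of recent events in "<iso-timestamp> <source> <message>"
# form. Real input would be the collector's own last-event-seen table.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:05Z fw-edge-01 accept src=10.0.1.5 dst=10.0.2.9",
    "2024-05-01T10:02:10Z fw-edge-01 deny src=10.0.1.7 dst=10.0.2.9",
    "2024-05-01T09:40:00Z ids-core-01 heartbeat",
    "2024-05-01T09:20:00Z db-cardholder-01 login user=svc_report",
    # app-payment-01 never appears: collection from it has failed entirely.
]

# Constructed clock so the example is reproducible; use datetime.now(timezone.utc) in practice.
DEMO_NOW = datetime(2024, 5, 1, 10, 5, 0, tzinfo=timezone.utc)


def parse_event(line):
    """Split one constructed log line into (timestamp, source)."""
    ts, source, _ = line.split(" ", 2)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), source


def last_seen(events):
    """Return {source: most recent timestamp} over the received events."""
    seen = {}
    for line in events:
        ts, source = parse_event(line)
        if source not in seen or ts > seen[source]:
            seen[source] = ts
    return seen


def detect_failures(events, expected, now):
    """Compare each expected source's last-seen time with its threshold.

    Returns alert dicts, sorted by source name, for sources that are silent
    longer than allowed ("stale") or have never reported ("never_seen").
    Sources absent from the expectations table are ignored here; spotting
    unexpected new sources would be a separate check.
    """
    seen = last_seen(events)
    alerts = []
    for source, max_silence in sorted(expected.items()):
        ts = seen.get(source)
        if ts is None:
            alerts.append({"source": source, "reason": "never_seen",
                           "silent_for": None})
        elif now - ts > max_silence:
            alerts.append({"source": source, "reason": "stale",
                           "silent_for": now - ts})
    return alerts


def format_alert(alert, now):
    """Render one alert as a single line for a ticket or pager message."""
    if alert["reason"] == "never_seen":
        detail = "no events received"
    else:
        minutes = int(alert["silent_for"].total_seconds() // 60)
        detail = f"last event {minutes} min ago"
    return f"[{now.isoformat()}] LOG COLLECTION FAILURE {alert['source']}: {detail}"


if __name__ == "__main__":
    for alert in detect_failures(SAMPLE_EVENTS, EXPECTED_SOURCES, DEMO_NOW):
        print(format_alert(alert, DEMO_NOW))
```

Run on the constructed sample, the check flags app-payment-01 (never reported), db-cardholder-01 (45 minutes silent against a 15-minute limit) and ids-core-01 (25 minutes against 10), while fw-edge-01 is within its window and stays quiet. Each emitted line is the kind of record that, once it lands in a ticket with its follow-up, becomes the review and resolution evidence a QSA will ask to see.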