5.3.4 Audit logs for the anti-malware solution(s) are enabled and retained in accordance with Requirement 10.5.1.
Defined Approach Requirements
5.3.4 Audit logs for the anti-malware solution(s) are enabled and retained in accordance with Requirement 10.5.1.
Customized Approach Objective
Historical records of anti-malware actions are immediately available and retained for at least 12 months.
Defined Approach Testing Procedures
5.3.4 Examine anti-malware solution(s) configurations to verify logs are enabled and retained in accordance with Requirement 10.5.1.
Purpose
It is important to track the effectiveness of the anti-malware mechanisms—for example, by confirming that updates and scans are being performed as expected, and that malware is identified and addressed. Audit logs also allow an entity to determine how malware entered the environment and track its activity when inside the entity's network.
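The checks this requirement asks an assessor to make (logs exist for every in-scope host, updates and scans are recorded as expected, detections are acted on, and the retained history covers the period Requirement 10.5.1 demands) can be scripted over an exported log. The following is an added example, not code from the PCI SSC or from this page: it parses a constructed, vendor-neutral key=value export (real products write their own formats, so the parser is the part you would swap), and the update and scan age thresholds are placeholders for the values in the entity's own anti-malware policy.

```python
"""Audit exported anti-malware logs for the points Requirement 5.3.4 covers:
coverage of in-scope hosts, recorded updates and scans, remediated detections,
and a retained history that satisfies Requirement 10.5.1 (12 months).

The log format is a constructed key=value export, not any vendor's format.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample export (not from any real product or environment).
SAMPLE_LOG = """\
2023-04-10T02:00:03Z host=pos-01 event=signature_update version=1.385.100.0
2024-04-12T02:00:03Z host=pos-01 event=signature_update version=1.409.200.0
2024-04-12T03:00:10Z host=pos-01 event=scan_complete type=scheduled threats=0
2024-04-13T02:00:05Z host=pos-01 event=signature_update version=1.409.250.0
2024-04-13T11:12:00Z host=pos-01 event=malware_detected name=EICAR-Test-File action=quarantined
2024-04-01T02:00:07Z host=pos-02 event=signature_update version=1.409.100.0
2024-03-20T03:00:00Z host=pos-02 event=scan_complete type=scheduled threats=0
2024-04-13T09:30:00Z host=pos-02 event=malware_detected name=Trojan.Generic action=detected_only
"""

# In-scope hosts taken from the asset inventory (constructed).
INVENTORY = ["pos-01", "pos-02", "pos-03"]

# Assumed thresholds: update/scan windows come from the entity's anti-malware
# policy; the retention period comes from Requirement 10.5.1.
MAX_UPDATE_AGE = timedelta(days=1)
MAX_SCAN_AGE = timedelta(days=7)
RETENTION = timedelta(days=365)

# Detection outcomes treated as remediated (assumed vocabulary of the export).
REMEDIATED = ("quarantined", "removed", "blocked")


def parse_log(text):
    """Parse '<ISO-8601 UTC timestamp> key=value ...' lines into dicts with a 'ts' datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, _, rest = line.partition(" ")
        rec = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
        for token in rest.split():
            key, _, value = token.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def audit(records, inventory, now):
    """Return findings keyed by host, plus a 'retention' entry for the whole log set."""
    findings = {}
    by_host = {}
    for rec in records:
        by_host.setdefault(rec["host"], []).append(rec)

    for host in inventory:
        recs = by_host.get(host, [])
        if not recs:
            # An inventoried host with no log lines is either unmonitored or has logging disabled.
            findings[host] = ["no anti-malware log records: endpoint unmonitored or logging disabled"]
            continue
        issues = []
        updates = [r["ts"] for r in recs if r["event"] == "signature_update"]
        scans = [r["ts"] for r in recs if r["event"] == "scan_complete"]
        if not updates or now - max(updates) > MAX_UPDATE_AGE:
            issues.append("no signature update within policy window")
        if not scans or now - max(scans) > MAX_SCAN_AGE:
            issues.append("no completed scan within policy window")
        for r in recs:
            if r["event"] == "malware_detected" and r.get("action") not in REMEDIATED:
                issues.append(f"detection of {r.get('name')} not remediated (action={r.get('action')})")
        findings[host] = issues

    # Retention: the oldest retained record must be at least 12 months old. A
    # deployment younger than 12 months would need a documented explanation instead.
    oldest = min(r["ts"] for r in records) if records else now
    findings["retention"] = [] if now - oldest >= RETENTION else ["retained history shorter than 12 months"]
    return findings


def run_sample(now_iso="2024-04-14T00:00:00Z"):
    """Run the audit over the constructed sample at a fixed 'now' so results are reproducible."""
    now = datetime.strptime(now_iso, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return audit(parse_log(SAMPLE_LOG), INVENTORY, now)


if __name__ == "__main__":
    for host, issues in run_sample().items():
        print(host, "OK" if not issues else issues)
```

Against the sample, pos-01 passes, pos-02 is flagged for a stale update, a stale scan and an unremediated detection, pos-03 is flagged as having no records at all, and the retention check passes because the oldest retained line is more than 12 months old. Adapting it to a real estate means replacing `parse_log` with the product's export format and setting the thresholds from the documented policy.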
purpose
Ensure the anti-malware solution's audit logs are enabled, retained in accordance with Requirement 10.5.1, and available to confirm that updates and scans run as expected and to reconstruct how malware entered and moved through the environment.
compliance strategies
- Enable audit logging in every anti-malware solution and forward the logs to central log management
- Retain anti-malware logs per Requirement 10.5.1 (at least 12 months, immediately available)
- Restrict changes to logging configuration to authorized administrators
typical policies
- Anti-Malware Operations Policy
common pitfalls
- Endpoints whose anti-malware logs are never collected
- Logging disabled, or retention shorter than 12 months
- Unauthorized changes to logging configuration
type
Technical Control
difficulty
Moderate
key risks
- Malware entry and activity cannot be traced because anti-malware logs are missing, disabled, or not retained
recommendations
- Centralized collection and retention of anti-malware logs, with monitoring of endpoint logging status
Eligible SAQ
- SAQ-A-EP
- SAQ-C
- SAQ-C-VT
- SAQ-D MERCHANT
- SAQ-D SERVICE PROVIDER