A1.2.1 Audit log capability is enabled for each customer's environment that is consistent with PCI DSS Requirement 10.
Defined Approach Requirements
A1.2.1 Audit log capability is enabled for each customer's environment that is consistent with PCI DSS Requirement 10, including:
- Logs are enabled for common third-party applications.
- Logs are active by default.
- Logs are available for review only by the owning customer.
- Log locations are clearly communicated to the owning customer.
- Log data and availability is consistent with PCI DSS Requirement 10.
Customized Approach Objective
Log capability is available to all customers without affecting the confidentiality of other customers.
Defined Approach Testing Procedures
A1.2.1 Examine documentation and system configuration settings to verify the provider has enabled audit log capability for each customer environment in accordance with all elements specified in this requirement.
Purpose
Log information is useful for detecting and troubleshooting security incidents and is invaluable for forensic investigations. Customers therefore need to have access to these logs.
However, log information can also be used by an attacker for reconnaissance, and so a customer's log information must only be accessible by the customer that the log relates to.
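The following check is an added example, not part of PCI DSS or the original page. It shows one way to test the "available for review only by the owning customer" element on a shared Linux host. It assumes a hypothetical layout of one log directory per tenant under a common root, one dedicated Unix UID per tenant, and a policy that any group or other permission bit on a tenant's logs is a finding.

```python
import os
import stat
from pathlib import Path

# Assumption: any group/other permission bit on a tenant's logs is a finding.
SHARED_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_tenant_logs(root, tenant_uids):
    """Check a per-tenant log tree for cross-tenant exposure.

    root        -- hypothetical layout: <root>/<tenant>/<log files>
    tenant_uids -- hypothetical mapping of tenant name -> dedicated Unix UID
    Returns a list of (tenant, path, problem) tuples; empty means no findings.
    """
    findings = []
    for tenant, uid in sorted(tenant_uids.items()):
        base = Path(root) / tenant
        if base.is_symlink() or not base.is_dir():
            findings.append((tenant, str(base), "log directory missing or a symlink"))
            continue
        paths = [base]
        # os.walk does not descend into symlinked directories by default.
        for dirpath, dirnames, filenames in os.walk(base):
            paths += [Path(dirpath) / n for n in sorted(dirnames + filenames)]
        saw_log = False
        for p in paths:
            st = p.lstat()  # lstat inspects the link itself, never its target
            if stat.S_ISLNK(st.st_mode):
                # A link could point one tenant's log path at another tenant's data.
                findings.append((tenant, str(p), "symlink inside log tree"))
                continue
            saw_log = saw_log or stat.S_ISREG(st.st_mode)
            if st.st_uid != uid:
                findings.append((tenant, str(p), f"owned by uid {st.st_uid}, expected {uid}"))
            if st.st_mode & SHARED_BITS:
                findings.append((tenant, str(p), "accessible to group/other"))
        if not saw_log:
            # Relates to the "logs are active by default" element.
            findings.append((tenant, str(base), "no log files present"))
    return findings
```

An empty result for every tenant supports the segregation element only; log content and retention still have to be checked against Requirement 10.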
Purpose
Log and monitor all access to each tenant's environment.
Compliance Strategies
- Centralized logging
- SIEM monitoring
Typical Policies
- Logging and Monitoring Policy
Common Pitfalls
- Logs not segregated by tenant
- No monitoring of access
Type
Technical Control
Difficulty
High
Key Risks
- Undetected unauthorized access
Recommendations
- Automate log segregation and alerting
Eligible SAQ
- SAQ-D SERVICE PROVIDER