Friday, September 22, 2006

It Is NOT Just Requirement 10!

So, even very smart folks are somewhat confused about this one: what's the story with PCI requirements and log management. They all point to Requirement 10 ("Track and monitor all access to network resources and cardholder data.") and ignore the rest of the PCI requirements. I hint at that in my paper on PCI and logs and further discuss in this upcoming webcast, feel free to check it out. Logs show up all over the requirements and are important or critical for achieving a much large set of PCI objectives...

Dr Anton Chuvakin