FAQ #1032 - Can you provide clarification of PCI DSS requirement 10.3.6?

ℹ️

Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.

View Original →

FAQ #1032 Published Version: 2014-05-29T14:48:00+00:00

Can you provide clarification of PCI DSS requirement 10.3.6?

The intent of PCI DSS Requirement 10.3.6 is that audit logs include the identity or name of the data, system(s), or component(s) that is affected by the event being logged. This helps organizations to identify where an event occurred and the potential impact.

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.