PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
View Original →
FAQ #1032 Published

Can you provide clarification of PCI DSS requirement 10.3.6?

The intent of PCI DSS requirement 10.3.6 is to provide the ability for an organization to identify the data, systems, or components affected when an unauthorized access attempt is being, or has been, logged. PCI DSS requirement 10.3.6 requires organizations to record, in their audit logs, the identity or name of the data, system(s), or component(s) affected by the event being logged.

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.