Diff: FAQ #1032
Can you provide clarification of PCI DSS requirement 10.3.6?
Earlier Version
Later Version
Removed
Added
The intent of PCI DSS requirementRequirement 10.3.6 is to provide the ability for an organization to identify the data, systems, or components affected when an unauthorized access attempt is being, or has been, logged. PCI DSS requirement 10.3.6 requires organizations to record, in theirthat audit logs,logs include the identity or name of the data, system(s), or component(s) that is affected by the event being logged. This helps organizations to identify where an event occurred and the potential impact.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.