Notice their writeup for PCI (and SOX) compliance
http://www.logzilla.net/solutions/pci-compliance
Logzilla addresses the logging portion of requirements 4 and 10 for PCI compliance. Sarbanes-Oxley (SOX), HIPAA, and COBIT 4.1 have similar requirements.
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
- 4.1: Use strong cryptography and security protocols, such as SSL, TLS, and SSH
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 10.2: Implement automated audit trails for all system components
- Requirement 10.3: Record at least the following audit trail entries for all system components for each event
- 10.3.1: User Identification
- 10.3.2: Type of event
- 10.3.3: Date and time
- 10.3.4: Success or failure indication
- 10.3.5: Origination of event
- 10.3.6: Identity or name of affected data, system component, or resource
- 10.4: Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time
- 10.5: Secure audit trails so they cannot be altered
- 10.5.1: Limit viewing of audit trails to those with a job-related need
- 10.5.2: Protect audit trail files from unauthorized modifications
- 10.5.3: Promptly back-up audit trail files to a centralized log server or media that is difficult to alter
- 10.5.4: Copy logs for wireless networks onto a log server on the internal LAN
- 10.5.5: Use file integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)
- Requirement 10.7: Retain an audit trail history for at least one year, with a minimum of three months online availability