PCI Requirement 10.2.5

The Payment Card Industry Data Security Standard (PCI DSS) Audit reports provide available documentation and compliance artifacts that help you demonstrate compliance with requirements of the PCI DSS.

The PCI Requirement 10.2.5 report provides guidance for performing log searches that help you demonstrate compliance with Requirement 10.2.5.

To access the PCI Requirement 10.2.5 report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under PCI DSS Audit, click VIEW.
  4. Click PCI Requirement 10.2.5.

The report summary page displays two columns. Testing Procedures lists each procedure that is required for testing the selected PCI requirement. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that you can use to demonstrate compliance with each testing procedure.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides examples of log searches that help you demonstrate that the use of identification and authentication mechanisms is logged, elevation of privileges is logged, and all changes, additions, or deletions to any account with root or administrative privileges are logged.

Testing procedure for PCI 10.2.5.a

This section provides you with a link to the Alert Logic Log Search page where you can search logs for message types related to changing user accounts and groups. You can use this information to verify that the use of identification and authentication mechanisms is logged.

The report page includes a link to an Alert Logic Knowledge Base article that contains the recommended log search statements you can use on the Alert Logic Log Search page. You can use the log search statements to gather the supporting documentation that illustrates compliance with PCI Requirement 10.2.5.a.

Testing procedure for PCI 10.2.5.b

This testing procedure verifies that all elevation of privileges is logged.

This section provides you with a link to the Alert Logic Log Search page where you can search logs for message types related to elevating user privileges. You can use this information to verify that all elevation of privileges is logged.

The report page includes a link to an Alert Logic Knowledge Base article that contains the recommended log search statements you can use on the Alert Logic Log Search page. You can use the log search statements to gather the supporting documentation that illustrates compliance with PCI Requirement 10.2.5.b.

Testing procedure for PCI 10.2.5.c

This testing procedure verifies that all changes, additions, or deletions to any account with root or administrative privileges are logged.

This section provides you with a link to the Alert Logic Log Search page where you can search logs for message types related to changing user accounts with root or administrative privileges. You can use this information to verify that all changes, additions, or deletions to any account with root or administrative privileges are logged.

The report page includes a link to an Alert Logic Knowledge Base article that contains the recommended log search statements you can use on the Alert Logic Log Search page. You can use the log search statements to gather the supporting documentation that illustrates compliance with PCI Requirement 10.2.5.c.
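
The following added example is not part of the Alert Logic report or its Knowledge Base search statements: it checks a set of Linux syslog lines for evidence matching each of the three testing procedures above and reports any procedure with no matching lines. The sample lines, the ADMIN_NAMES set, and the function names are constructed for illustration and assume sshd, sudo, su, and shadow-utils message formats.

```python
import re

# Assumption: account and group names treated as root/administrative.
ADMIN_NAMES = {"root", "sudo", "wheel"}

AUTH = re.compile(r"sshd\[\d+\]: (?:Accepted|Failed) \S+ for ")
ELEVATE = re.compile(r"\bsudo(?:\[\d+\])?: .*USER=root ; COMMAND="
                     r"|\bsu(?:\[\d+\])?: .*session opened for user root")
# shadow-utils messages; named groups capture the account or group touched.
ACCOUNT = [
    re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)"),
    re.compile(r"usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?P<group>[^']+)'"),
    re.compile(r"userdel\[\d+\]: delete user '(?P<user>[^']+)'"),
]

def classify(line):
    """Return the 10.2.5 testing procedures this log line is evidence for."""
    found = set()
    if AUTH.search(line):
        found.add("10.2.5.a")
    if ELEVATE.search(line):
        found.add("10.2.5.b")
    for pattern in ACCOUNT:
        m = pattern.search(line)
        if m:
            found.add("10.2.5.a")  # account and group changes
            if ADMIN_NAMES & set(m.groupdict().values()):
                found.add("10.2.5.c")  # change touches an admin account/group
    return found

def coverage(lines):
    """Map each procedure to its evidence lines; an empty list is a gap."""
    result = {"10.2.5.a": [], "10.2.5.b": [], "10.2.5.c": []}
    for line in lines:
        for proc in classify(line):
            result[proc].append(line)
    return result

# Constructed sample lines (not taken from a real system).
SAMPLE = [
    "Jan 10 09:14:51 web01 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2",
    "Jan 10 09:15:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "Jan 10 09:16:40 web01 useradd[2301]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash",
    "Jan 10 09:17:05 web01 usermod[2310]: add 'svc_backup' to group 'sudo'",
    "Jan 10 09:20:00 web01 CRON[2400]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for proc, hits in coverage(SAMPLE).items():
        print(proc, "evidence lines:", len(hits))
```

An empty list for a procedure means the log source produced no matching events in the period examined, which points to a logging gap on the host rather than a problem with the search itself.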