PCI Requirement 10.8

The Payment Card Industry Data Security Standard (PCI DSS) Audit reports provide available documentation and compliance artifacts that help you demonstrate compliance with requirements of the PCI DSS.

The PCI Requirement 10.8 report provides guidance to demonstrate you have implemented a process for the timely detection and reporting failures of critical security control systems, in compliance with Requirement 10.8.

To access the PCI Requirement 10.8 report:

  1. In the Alert Logic console, click the menu icon (), and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under PCI DSS Audit, click VIEW.
  4. Click PCI Requirement 10.8.

The report summary page displays two columns. Testing Procedures lists each procedure that is required for testing the selected PCI requirement. Available Documentation and Artifacts describes, and contains links to compliance artifacts that you use to demonstrate compliance with each testing procedure.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides you with a link to a list of Alert Logic console users that are subscribed to receive timely alerts for detection and reporting of failures of critical control systems.

Testing procedure for PCI 10.8.a

This testing procedure verifies that documented policies and procedures are defined for the timely detection and reporting of failures of critical control security control systems.

Alert Logic does not provide data for this testing procedure. You must provide the policy and procedure documents for this audit.

Testing procedure for PCI 10.8.b

This testing procedure requires that detection and alerting processes are examined, personnel are interviewed to verify that processes are implemented for all critical security controls, and that failure of a critical security control results in the generation of an alert.

This section provides you with a link for quick access to a list of users in the Alert Logic console that are subscribed to receive health status alerts including network coverage, collection issues, and host with no agent installed.