PCI Requirement 10.7 – Retain Audit Trail History for at Least One Year, with Three Months Available
Now that you’ve implemented logging, what do you do with the logs? PCI Requirement 10.7 asks that you retain audit trail history for at least one year, with a minimum of three months immediately available for analysis. A year is the recommended length of time because it may take a few months to notice a compromise. A year’s worth of audit trail history can be very helpful during analysis. The PCI DSS guidance also states, “By having three months of logs immediately available, an entity can quickly identify and minimize impact of a data breach. Storing logs in off-line locations could prevent them from being readily available, resulting in longer time frames to restore log data, perform analysis, and identify impacted systems or data.”
The assessment process for PCI Requirement 10.7 is pretty simple: examine policies and procedures and audit logs to verify that audit logs have been kept for at least one year.
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.