
PCI DSS Requirement 10: Track and monitor network access

Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Individually sifting through system logs can be a major drain on IT, especially when the cause of a compromise needs to be determined. In this guide, Craig Norris explains how to pass the Payment Card Industry's troublesome tenth requirement.

Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Individually sifting through system logs is not only extremely time-consuming, but also a major drain on IT, especially when you need to determine the cause of a compromise. Organizations have to track and monitor all access to network resources and cardholder data, covering real-time, daily and active events. Beyond managing these logs, most organizations lack a good policy that addresses the various types of information being logged, and many have no way of preserving the integrity of the logged data. When it comes to access to credit card data, organizations should not only have audit trails in place, but should also provide this kind of sensitive information only to people who absolutely need to know it.
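The paragraph above asks for audit trails whose integrity can be sustained. One common way to make an audit trail tamper-evident is to hash-chain its entries and keep a copy of the newest digest somewhere the logging host cannot rewrite. The following is an added example written for this page, not code from the article or from any PCI product; the event fields, hostnames and user names are constructed, and the genesis value and the `with_modified_event` helper are conventions of this example only.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # fixed anchor digest for the first entry (constructed convention)

# Constructed sample audit events; the field names are assumptions, not from the article.
SAMPLE_EVENTS = [
    {"ts": "2007-09-01T10:00:01Z", "host": "carddb", "user": "svc_billing",
     "action": "SELECT", "object": "cardholder.pan", "result": "success"},
    {"ts": "2007-09-01T10:00:07Z", "host": "pos-app01", "user": "root",
     "action": "login", "object": "ssh", "result": "failure"},
    {"ts": "2007-09-01T10:00:12Z", "host": "carddb", "user": "jdoe",
     "action": "SELECT", "object": "cardholder.pan", "result": "denied"},
]


def canonical(event):
    """Serialize an event deterministically so the same event always hashes the same."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")


def append_entry(chain, event):
    """Append one event, binding it to the digest of the previous entry."""
    prev = chain[-1]["digest"] if chain else GENESIS
    digest = hashlib.sha256(prev.encode("ascii") + canonical(event)).hexdigest()
    chain.append({"event": event, "prev": prev, "digest": digest})
    return digest


def build_chain(events):
    """Build a fresh chain from an ordered list of events."""
    chain = []
    for ev in events:
        append_entry(chain, ev)
    return chain


def head_digest(chain):
    """Digest of the newest entry; store a copy off-box to detect truncation of the tail."""
    return chain[-1]["digest"] if chain else GENESIS


def verify_chain(chain, expected_head=None):
    """Return the index of the first corrupted entry, or -1 if the chain is intact.

    Any edit to an event or any removal of an entry breaks the link at that index.
    If expected_head is given and the chain's head differs (for example because the
    newest entries were deleted), len(chain) is returned to flag the missing tail.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        recomputed = hashlib.sha256(prev.encode("ascii") + canonical(entry["event"])).hexdigest()
        if entry["prev"] != prev or entry["digest"] != recomputed:
            return i
        prev = entry["digest"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return -1


def with_modified_event(chain, index, field, value):
    """Return a deep copy of the chain with one event field changed after the fact."""
    tampered = copy.deepcopy(chain)
    tampered[index]["event"][field] = value
    return tampered


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    head = head_digest(chain)
    print("intact chain:", verify_chain(chain, head))
    print("after editing entry 2:", verify_chain(with_modified_event(chain, 2, "result", "success"), head))
    print("after deleting entry 1:", verify_chain(chain[:1] + chain[2:], head))
    print("after truncating the tail:", verify_chain(chain[:-1], head))
```

The chain only proves that nothing was altered after it was written, so the head digest has to be copied to a separate system (or a write-once medium) on a schedule; otherwise whoever can rewrite the log can also rewrite the chain.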

How to pass PCI Requirement 10

Even though log and event data analysis is specified directly in the PCI DSS, monitoring events is simply good practice for any organization. In an average information systems environment, event data is distributed, very large and at times hard to decipher. Most operating systems ship with utilities that analyze events, but these offer only basic features. Consequently, there is often no way for IT personnel to be alerted when specific critical events are logged, such as unauthorized access to cardholder information. For the most part, the event browsing and filtering capabilities these tools provide are limited.

Take SIM to the next level

However, there are a number of impressive software- and hardware-based security information management (SIM) products that provide comprehensive log management. SIM tools can centralize events, automate the aggregation and correlation of event data, issue alerts and provide extremely detailed reporting. While aggregating events, a SIM not only helps establish a baseline of normal network activity, but also supplies built-in rules to categorize events, triggering alerts and response procedures as a result. Many SIM products also ship with default rule sets that classify events according to PCI requirements.
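The two paragraphs above describe what a SIM does: normalize events from several sources into one schema, categorize them with rules, correlate related events into alerts (including unauthorized access to cardholder data, which the stock OS tools cannot raise), and compare activity against a baseline. The script below is an added example written for this page to show that pipeline in miniature; it is not code from the article or from any SIM product. The three log formats, hostnames, users, addresses, the need-to-know list and the per-host baseline are all constructed, and the rule names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines from three log sources (hostnames, users and addresses are made up).
RAW_LOGS = [
    "Sep  1 10:00:01 pos-app01 sshd[2201]: Failed password for root from 10.0.5.9 port 51022 ssh2",
    "Sep  1 10:00:03 pos-app01 sshd[2201]: Failed password for root from 10.0.5.9 port 51023 ssh2",
    "Sep  1 10:00:05 pos-app01 sshd[2201]: Failed password for root from 10.0.5.9 port 51024 ssh2",
    "Sep  1 10:00:09 pos-app01 sshd[2201]: Accepted password for root from 10.0.5.9 port 51025 ssh2",
    "Sep  1 10:01:00 pos-app02 sshd[1190]: Failed password for ops from 10.0.7.3 port 40101 ssh2",
    "2007-09-01T10:02:10Z db=carddb user=svc_billing action=SELECT object=cardholder.pan rows=1 status=OK",
    "2007-09-01T10:02:15Z db=carddb user=jdoe action=SELECT object=cardholder.pan rows=5000 status=OK",
    "2007-09-01T10:02:20Z db=carddb user=svc_billing action=SELECT object=orders.total rows=20 status=OK",
    "2007-09-01T10:03:00Z fw01 DENY TCP 203.0.113.7:4431 -> 10.0.5.20:1433",
]

# Accounts with a need-to-know for cardholder data (constructed).
AUTHORIZED_CHD_USERS = {"svc_billing"}
# Expected events per host for this interval, as a SIM would learn over time (constructed).
BASELINE_EVENTS_PER_HOST = {"pos-app01": 1, "pos-app02": 1, "carddb": 2, "fw01": 1}

SSHD_RE = re.compile(r"^\w{3}\s+\d+ (\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
DB_RE = re.compile(r"^(\S+) db=(\S+) user=(\S+) action=(\S+) object=(\S+) rows=(\d+) status=(\S+)")
FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) (\S+) (\S+) -> (\S+)")


def normalize(line):
    """Map one raw line from any of the three sources onto a common event schema."""
    m = SSHD_RE.match(line)
    if m:
        ts, host, outcome, user, src = m.groups()
        return {"source": "sshd", "time": ts, "host": host, "user": user, "src": src,
                "category": "auth_failure" if outcome == "Failed" else "auth_success"}
    m = DB_RE.match(line)
    if m:
        ts, host, user, action, obj, rows, status = m.groups()
        category = "cardholder_data_access" if obj.startswith("cardholder.") else "db_access"
        return {"source": "db", "time": ts, "host": host, "user": user, "action": action,
                "object": obj, "rows": int(rows), "status": status, "category": category}
    m = FW_RE.match(line)
    if m:
        ts, host, verdict, proto, src, dst = m.groups()
        return {"source": "firewall", "time": ts, "host": host, "proto": proto, "src": src,
                "dst": dst, "category": "network_denied" if verdict == "DENY" else "network_allowed"}
    return {"source": "unknown", "category": "unparsed", "raw": line}


def correlate(events, failure_threshold=3):
    """Apply simple stateful rules over the normalized stream and emit alerts."""
    alerts = []
    failures = Counter()  # (host, source address) -> failed logins seen so far
    for e in events:
        if e["category"] == "auth_failure":
            failures[(e["host"], e["src"])] += 1
        elif e["category"] == "auth_success" and failures[(e["host"], e["src"])] >= failure_threshold:
            alerts.append({"rule": "success_after_repeated_failures", "host": e["host"],
                           "src": e["src"], "user": e["user"], "failures": failures[(e["host"], e["src"])]})
        elif e["category"] == "cardholder_data_access" and e["user"] not in AUTHORIZED_CHD_USERS:
            alerts.append({"rule": "unauthorized_cardholder_data_access", "host": e["host"],
                           "user": e["user"], "object": e["object"], "rows": e["rows"]})
    for (host, src), n in failures.items():
        if n >= failure_threshold:
            alerts.append({"rule": "repeated_auth_failures", "host": host, "src": src, "failures": n})
    return alerts


def baseline_deviations(events, baseline=BASELINE_EVENTS_PER_HOST, factor=2.0):
    """Hosts whose event volume exceeds `factor` times their learned baseline."""
    counts = Counter(e["host"] for e in events if e["category"] != "unparsed")
    return sorted(h for h, n in counts.items() if n > factor * baseline.get(h, 0))


def category_counts(events):
    return Counter(e["category"] for e in events)


def analyze(lines=RAW_LOGS):
    """Centralize, categorize, correlate and compare against baseline in one pass."""
    events = [normalize(line) for line in lines]
    return {"categories": category_counts(events), "alerts": correlate(events),
            "baseline_deviations": baseline_deviations(events)}


if __name__ == "__main__":
    result = analyze()
    print("per category:", dict(result["categories"]))
    for alert in result["alerts"]:
        print("ALERT", alert)
    print("hosts above baseline:", result["baseline_deviations"])
```

The value of the normalization step is that every rule is written once against the common schema, so adding a fourth log source means adding one regular expression, not rewriting the rules; a commercial SIM does the same with its parsers and rule packs, including the PCI-tagged rule sets the text mentions.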


Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via [email protected].


This was last published in September 2007
