Section 10.2 of PCI DSS requires "…implementation of audit trails for all system components". Sections 10.2.1 through 10.2.7 detail which specific actions must be covered by the audit trail. Naturally, the first thing that caught my attention here was the System Object requirement, specifically logging the "creation and deletion of system level objects". My reaction, both while reviewing these specifications and while implementing the necessary technical controls, has been: how does requiring logging in this fashion actually help detect an intrusion? Is the PCI DSS approach sound from a business perspective? Is it sound from an applied science perspective?