FAQ #1081 Diff
Does the logging required at PCI DSS Requirements 10.2 and 10.3 mean we have to enable database logging as well?
Earlier Version
Later Version
Removed
Added
The intent of the PCI DSS logging requirements is to provide a fullcomplete record of who did what, where, when, and how, so it can be used for investigation in the event of unexpected or unauthorized activities. ATherefore, a combination of operating system logging, database logging, and/or application logging may be implemented as appropriate to record the events defined in Requirement 10.2.
10. For example, if the operating system and/or installed applications are able and configured to log all individual access to cardholder data within a database, then configuring database logging in addition to these other logs may not be necessary.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.