Requirement 10: Log and Monitor All Access to System Components and Cardholder Data
Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise.
The presence of logs on all system components and in the cardholder data environment (CDE) allows thorough tracking, alerting, and analysis
when something does go wrong. Determining the cause of a compromise is difficult, if not impossible, without system activity logs.
This requirement applies to user activities, including those by employees, contractors, consultants, and internal and external vendors, and other
third parties (for example, those providing support or maintenance services).
These requirements do not apply to user activity of consumers (cardholders).
Go on to Requirement 11 - Regular Security Testing.
Go back to Requirement 9 - Physical Access Restrictions.