10.2.2 All actions taken by any individual with root or administrative privileges

[admin]

10.2.2 Actions taken by any individual with root or administrative privileges

[mike.vella]

Hi,
Any advice on what constitutes "all actions", the logs would be considerably large if all acions where to be logged by admins.

[Roger Nebel]

All actions by users with privilege that involve card holder information must be logged. This is necessary in case of a breach to forensically determine what happened. Failing to log could make you grossly negligent and result in big fines. Big disks are cheap compared to a fine.

[jycegrcia]

Quote:

Originally Posted by admin

10.2.2 Actions taken by any individual with root or administrative privileges

As far as I know this requirement is a bit vague. What is an action? Assuming that they mean executed commands, you can meet this requirement by using the ex audit class.

[agentgreen]

Does anyone have real world examples on how to accomplish this in a Windows environment?

[Roger Nebel]

Database logging, application-specific logging, etc. All actions performed on sensitive CHD must be logged. This facilitates investigating suspected breaches or other irregularities.