Having an audit trail is an important part of the Payment Card Industry Data Security Standard (PCI DSS).
Audit logs, log management, and log retention are all covered by PCI DSS Requirement 10.7, which states that audit trail history must be retained for at least one year, with a minimum of three months (commonly implemented as ninety days) immediately available for analysis, whether online, archived, or restorable from backup. (PCI DSS v4.0 carries the same retention period under Requirement 10.5.1.)
Compromises often go unnoticed for months, which is why the one-year retention period exists: investigators need to reconstruct activity that began long before the breach was detected. The most recent three months must be immediately available because active incident response cannot wait for backup media to be recalled, and because routine log review depends on that data being searchable right away. The logs in scope record security events, access to network resources and cardholder data, activity on in-scope system components, and anything else that could indicate suspicious activity.
Protecting cardholder data is one of the key tenets of PCI DSS compliance. A mature information security program built around PCI DSS protects cardholder data with a strong security policy backed by a security information and event management (SIEM) system that brings together several disciplines: file integrity monitoring, intrusion detection, user activity monitoring, data breach detection, and syslog aggregation.
The SIEM consumes log data from the log servers and performs the analysis that turns raw events into an audit trail history. A properly configured SIEM has alerting rules that surface the operating system and user account compromises which typically precede theft of credit card and cardholder data, so that analysts can act while the surrounding context is still in the immediately available ninety-day window.
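As an added example (not code from the original article), the following Python script shows the kind of correlation rule a SIEM would run over the authentication logs described above: it parses syslog lines from sshd and sudo, raises an alert when a burst of failed logins for an account is followed by a successful login from the same source, and escalates when that account then uses sudo to become root shortly afterwards. The log lines, hostnames, usernames, IP addresses, thresholds and time windows are all constructed values for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog auth lines (not taken from the original page).
# Classic syslog timestamps omit the year, so the parser assumes one.
SAMPLE_LOG = """\
Mar  3 10:01:02 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:05 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:09 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 51024 ssh2
Mar  3 10:01:12 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 51025 ssh2
Mar  3 10:01:15 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 51026 ssh2
Mar  3 10:01:20 web01 sshd[2204]: Accepted password for alice from 203.0.113.7 port 51027 ssh2
Mar  3 10:02:30 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar  3 11:15:00 web01 sshd[2310]: Failed password for bob from 198.51.100.4 port 40001 ssh2
Mar  3 11:40:00 web01 sshd[2311]: Accepted publickey for bob from 198.51.100.4 port 40002 ssh2
"""

# Syslog prefix: "Mon  D HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(r"^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) (\S+) ([\w/.-]+)(?:\[\d+\])?: (.*)$")
# OpenSSH authentication outcome lines
SSHD_RE = re.compile(r"^(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port")
# sudo audit line: "user : TTY=... ; PWD=... ; USER=target ; COMMAND=..."
SUDO_RE = re.compile(r"^\s*(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")


def parse_line(line, year=2024):
    """Split one syslog line into timestamp, host, program and message (None if unparseable)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, prog, msg = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": host, "prog": prog, "msg": msg}


def detect(lines, threshold=5, window=timedelta(minutes=10), escalate_window=timedelta(minutes=30)):
    """Correlate sshd and sudo events and return a list of alert dicts.

    Rule 1 (high): >= threshold failed logins for (host, user, src) within `window`,
                   followed by a successful login for the same triple.
    Rule 2 (critical): a user flagged by rule 1 runs sudo as root within `escalate_window`.
    Thresholds and windows are illustrative assumptions, not PCI DSS values.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    failures = defaultdict(list)   # (host, user, src) -> timestamps of failed logins
    compromised = {}               # (host, user) -> time of the suspicious success
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["prog"] == "sshd":
            m = SSHD_RE.match(e["msg"])
            if not m:
                continue
            outcome, user, src = m.groups()
            key = (e["host"], user, src)
            if outcome == "Failed":
                failures[key].append(e["ts"])
                continue
            # A success: count only failures that fall inside the correlation window.
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"severity": "high", "rule": "brute_force_success",
                               "host": e["host"], "user": user, "src": src,
                               "ts": e["ts"], "failures": len(recent)})
                compromised[(e["host"], user)] = e["ts"]
            failures[key].clear()
        elif e["prog"] == "sudo":
            m = SUDO_RE.match(e["msg"])
            if not m:
                continue
            user, target, cmd = m.groups()
            t0 = compromised.get((e["host"], user))
            if t0 is not None and target == "root" and e["ts"] - t0 <= escalate_window:
                alerts.append({"severity": "critical",
                               "rule": "privilege_escalation_after_suspicious_login",
                               "host": e["host"], "user": user, "command": cmd, "ts": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a["severity"].upper(), a["rule"], a["host"], a["user"], a["ts"].isoformat())
```

Run as written it reports two alerts for alice (the brute-force success and the root shell that follows it) and nothing for bob, whose single failed attempt before a key-based login is normal noise. In a real deployment the same logic would sit in the SIEM's correlation engine rather than a script, and the thresholds would be tuned against the environment's baseline; the point is that the rule needs the failed attempts and the later sudo line side by side, which is exactly why the most recent months of logs must be searchable immediately rather than sitting in cold storage.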