PCI audit log requirements in windows network

Is there any document in the public domain whereby the audit and monitoring requirements of PCI are translated into an active directory environment? So you can see on an AD level how and what to audit, how long to keep it for,  to comply with PCI? Same for windows servers and workstations.
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yo_beeDirector of Information TechnologyCommented:
Not 100% sure if this is what you mean by PCI compliance.
https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf

I would have to read this document to see what needs to be audited before I can comment any further.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
I was just coming at it from the angle that PCI is technology neutral, so was hoping someone may have interpreted the requirements specific to AD/Windows so admins can make the configs based on known PCI specific requirements.
0
yo_beeDirector of Information TechnologyCommented:
0
Make Network Traffic Fast and Furious with SD-WAN

Software-defined WAN (SD-WAN) is a technology that determines the most effective way to route traffic to and from datacenter sites. Register for the webinar today to learn how your business can benefit from SD-WAN!

pma111Author Commented:
Thats more how to get a pass that you meet all PCI requirements, as opposed one of the PCI requirements is specifically around audit LOGGING and monitoring. Thats what I was getting at...
0
Leon FesterSenior Solutions ArchitectCommented:
Simple answer no.
You're combining 2 concept that have absolutely no relationship.
Where in the PCI requirements does it mention holding onto logs?

PCI is all about protecting card-holder data.
The way you manage your PCI environment is through your own internal processes and documentation.

By building you environment securely and putting the proper checks in place, you'll easily be meeting the PCI requirements.

While there are tools that claim to help you with PCI compliance all they're really doing is employing a rules-based application to manage the reporting.

When planning for Audits, there is a simple process about RECORD, REMEDIATING and REPORTING.

RECORD - Create a record of what you're expecting to see, e.g. developers have access to A, Infrastructure has access to B. Record the members of the groups and audit those groups for changes.

REMEDIATE - Find anybody that has access who shouldn't have it, and remove that access, then go back and record the changes, e.g. new users, resigned users, etc.

REPORT - Report your finding, include the RECORDED items and any REMEDIATION.
then REPEAT the process.

Your PCI compliance comes from you putting in the necessary controls and managing them correctly through the appropriate procedures, like review, scans, etc.

Do yourself a favour and read the PCI requirements properly so that you understand what is actually required.

What level merchant are you?
0
footechCommented:
PCI DSS requirement 10.7 says "Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up)."  Other parts say you have to monitor the logs daily (frankly, doing this manually is probably not possible or a full-time job in itself), and store them on a central server.  How you do that is up to you.  The PCI DSS doc rarely says anything about how to do something.  A good assessor may be able to help you.

As far as audit settings, here's what I use for my 2008 R2/Win 7 machines.  The advanced audit settings help to cut down on a lot of useless crap that might otherwise be logged.
http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.