• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 894
  • Last Modified:

PCI audit log requirements in windows network

Is there any document in the public domain whereby the audit and monitoring requirements of PCI are translated into an active directory environment? So you can see on an AD level how and what to audit, how long to keep it for,  to comply with PCI? Same for windows servers and workstations.
0
pma111
Asked:
pma111
3 Solutions
 
yo_beeDirector of Information TechnologyCommented:
Not 100% sure if this is what you mean by PCI compliance.
https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf

I would have to read this document to see what needs to be audited before I can comment any further.
0
 
pma111Author Commented:
I was just coming at it from the angle that PCI is technology neutral, so was hoping someone may have interpreted the requirements specific to AD/Windows so admins can make the configs based on known PCI specific requirements.
0
 
yo_beeDirector of Information TechnologyCommented:
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
pma111Author Commented:
Thats more how to get a pass that you meet all PCI requirements, as opposed one of the PCI requirements is specifically around audit LOGGING and monitoring. Thats what I was getting at...
0
 
Leon FesterSenior Solutions ArchitectCommented:
Simple answer no.
You're combining 2 concept that have absolutely no relationship.
Where in the PCI requirements does it mention holding onto logs?

PCI is all about protecting card-holder data.
The way you manage your PCI environment is through your own internal processes and documentation.

By building you environment securely and putting the proper checks in place, you'll easily be meeting the PCI requirements.

While there are tools that claim to help you with PCI compliance all they're really doing is employing a rules-based application to manage the reporting.

When planning for Audits, there is a simple process about RECORD, REMEDIATING and REPORTING.

RECORD - Create a record of what you're expecting to see, e.g. developers have access to A, Infrastructure has access to B. Record the members of the groups and audit those groups for changes.

REMEDIATE - Find anybody that has access who shouldn't have it, and remove that access, then go back and record the changes, e.g. new users, resigned users, etc.

REPORT - Report your finding, include the RECORDED items and any REMEDIATION.
then REPEAT the process.

Your PCI compliance comes from you putting in the necessary controls and managing them correctly through the appropriate procedures, like review, scans, etc.

Do yourself a favour and read the PCI requirements properly so that you understand what is actually required.

What level merchant are you?
0
 
footechCommented:
PCI DSS requirement 10.7 says "Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up)."  Other parts say you have to monitor the logs daily (frankly, doing this manually is probably not possible or a full-time job in itself), and store them on a central server.  How you do that is up to you.  The PCI DSS doc rarely says anything about how to do something.  A good assessor may be able to help you.

As far as audit settings, here's what I use for my 2008 R2/Win 7 machines.  The advanced audit settings help to cut down on a lot of useless crap that might otherwise be logged.
http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now