Solved

PCI audit log requirements in Windows network

Posted on 2012-03-15
Last Modified: 2012-03-22
Is there any document in the public domain whereby the audit and monitoring requirements of PCI are translated into an Active Directory environment? So you can see on an AD level how and what to audit, and how long to keep it for, to comply with PCI? Same for Windows servers and workstations.
Question by:pma111

Accepted Solution

by:
yo_bee earned 167 total points
ID: 37724294
Not 100% sure if this is what you mean by PCI compliance.
https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf

I would have to read this document to see what needs to be audited before I can comment any further.

Author Comment

by:pma111
ID: 37724321
I was just coming at it from the angle that PCI is technology neutral, so was hoping someone may have interpreted the requirements specific to AD/Windows so admins can make the configs based on known PCI-specific requirements.

Expert Comment

by:yo_bee
ID: 37724324

Expert Comment

by:yo_bee
ID: 37724347

Author Comment

by:pma111
ID: 37724582
That's more how to get a pass that you meet all PCI requirements, whereas one of the PCI requirements is specifically around audit LOGGING and monitoring. That's what I was getting at...

Assisted Solution

by:Leon Fester
Leon Fester earned 167 total points
ID: 37725169
Simple answer: no.
You're combining 2 concepts that have absolutely no relationship.
Where in the PCI requirements does it mention holding onto logs?

PCI is all about protecting card-holder data.
The way you manage your PCI environment is through your own internal processes and documentation.

By building your environment securely and putting the proper checks in place, you'll easily be meeting the PCI requirements.

While there are tools that claim to help you with PCI compliance all they're really doing is employing a rules-based application to manage the reporting.

When planning for Audits, there is a simple process about RECORD, REMEDIATING and REPORTING.

RECORD - Create a record of what you're expecting to see, e.g. developers have access to A, Infrastructure has access to B. Record the members of the groups and audit those groups for changes.

REMEDIATE - Find anybody that has access who shouldn't have it, and remove that access, then go back and record the changes, e.g. new users, resigned users, etc.

REPORT - Report your findings; include the RECORDED items and any REMEDIATION.
Then REPEAT the process.

Your PCI compliance comes from you putting in the necessary controls and managing them correctly through the appropriate procedures, like review, scans, etc.

Do yourself a favour and read the PCI requirements properly so that you understand what is actually required.

What level merchant are you?
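
One pass of the RECORD / REMEDIATE / REPORT cycle from the answer above, applied to group membership. This is an added example, not code from any poster in this thread; the group names, account names and the three input dictionaries are constructed, and how the current membership is exported from the directory is left to the reader.

```python
def _norm(members):
    # AD account names compare case-insensitively, so normalise before diffing.
    return {m.strip().lower() for m in members}

def audit_cycle(expected, recorded, current):
    """One RECORD / REMEDIATE / REPORT pass over group membership.

    expected: group -> accounts that are supposed to have the access
    recorded: group -> membership written down at the end of the last pass
    current:  group -> membership exported from the directory today
    """
    report = {}
    for group in sorted(set(expected) | set(recorded) | set(current)):
        approved = _norm(expected.get(group, ()))
        before = _norm(recorded.get(group, ()))
        now = _norm(current.get(group, ()))
        report[group] = {
            "reviewed": group in expected,          # False: no expectation was ever recorded
            "added": sorted(now - before),          # REPORT: changes since the last pass
            "removed": sorted(before - now),
            "remediate": sorted(now - approved),    # REMEDIATE: access that should be removed
            "next_record": sorted(now & approved),  # RECORD: membership after remediation
        }
    return report

# Constructed sample data; every group and account name is invented.
EXPECTED = {"CDE-Developers": ["alice", "bob"], "CDE-Infrastructure": ["carol"]}
RECORDED = {"CDE-Developers": ["alice", "bob", "dave"],
            "CDE-Infrastructure": ["carol"]}
CURRENT = {"CDE-Developers": ["Alice", "bob", "erin"],
           "CDE-Infrastructure": ["carol"],
           "CDE-Temp-Admins": ["mallory"]}

if __name__ == "__main__":
    for group, row in audit_cycle(EXPECTED, RECORDED, CURRENT).items():
        print(group, row)
```

A group that appears in the export but has no recorded expectation comes back with `reviewed` set to False and all of its members under `remediate`, so it cannot pass unnoticed.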

Assisted Solution

by:footech
footech earned 166 total points
ID: 37734149
PCI DSS requirement 10.7 says "Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up)."  Other parts say you have to monitor the logs daily (frankly, doing this manually is probably not possible or a full-time job in itself), and store them on a central server.  How you do that is up to you.  The PCI DSS doc rarely says anything about how to do something.  A good assessor may be able to help you.

As far as audit settings, here's what I use for my 2008 R2/Win 7 machines.  The advanced audit settings help to cut down on a lot of useless crap that might otherwise be logged.
http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008
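
An added example (not from any poster in this thread) that checks an inventory of archived Security log exports against the requirement 10.7 figures quoted in the answer above, including gaps in coverage. The inventory format, the `immediate` flag (whichever stores your site counts as immediately available) and the 365/90-day readings of "one year" and "three months" are assumptions of this example.

```python
from datetime import date, timedelta

# Assumed day counts for the 10.7 wording quoted above.
RETAIN_DAYS = 365      # "at least one year"
IMMEDIATE_DAYS = 90    # "a minimum of three months immediately available"

def unbroken_days(archives, today):
    """Count the days of log coverage that end today with no missing day."""
    reach = today + timedelta(days=1)   # nothing proven covered yet
    for a in sorted(archives, key=lambda a: a["end"], reverse=True):
        if a["end"] < reach - timedelta(days=1):
            break                       # a day is missing before `reach`: stop here
        reach = min(reach, a["start"])  # coverage now extends back to this archive
    return (today - reach).days + 1

def check_retention(archives, today):
    """Compare one log source's archives with the two 10.7 thresholds."""
    retained = unbroken_days(archives, today)
    immediate = unbroken_days([a for a in archives if a["immediate"]], today)
    findings = []
    if retained < RETAIN_DAYS:
        findings.append(f"{retained} unbroken days retained, need {RETAIN_DAYS}")
    if immediate < IMMEDIATE_DAYS:
        findings.append(f"{immediate} days immediately available, need {IMMEDIATE_DAYS}")
    return {"retained_days": retained, "immediate_days": immediate,
            "findings": findings}

# Constructed inventory for one server; start/end dates are inclusive.
# September 2011 is missing on purpose to show how a gap is handled.
TODAY = date(2012, 3, 22)
SAMPLE = [
    {"start": date(2012, 1, 1), "end": date(2012, 3, 22), "immediate": True},
    {"start": date(2011, 10, 1), "end": date(2011, 12, 31), "immediate": False},
    {"start": date(2011, 3, 1), "end": date(2011, 8, 31), "immediate": False},
]

if __name__ == "__main__":
    for line in check_retention(SAMPLE, TODAY)["findings"]:
        print("FINDING:", line)
```

Archives older than a gap do not count toward the retained total, because the audit trail they hold is not continuous with the present.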