Solved

PCI audit log requirements in windows network

Posted on 2012-03-15
Last Modified: 2012-03-22
Is there any document in the public domain whereby the audit and monitoring requirements of PCI are translated into an active directory environment? So you can see on an AD level how and what to audit, how long to keep it for, to comply with PCI? Same for windows servers and workstations.
Question by:pma111
7 Comments
 
LVL 23

Accepted Solution

by:
yo_bee earned 167 total points
ID: 37724294
Not 100% sure if this is what you mean by PCI compliance.
https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf

I would have to read this document to see what needs to be audited before I can comment any further.
LVL 3

Author Comment

by:pma111
ID: 37724321
I was just coming at it from the angle that PCI is technology neutral, so was hoping someone may have interpreted the requirements specific to AD/Windows so admins can make the configs based on known PCI specific requirements.
LVL 23

Expert Comment

by:yo_bee
ID: 37724324
LVL 23

Expert Comment

by:yo_bee
ID: 37724347
LVL 3

Author Comment

by:pma111
ID: 37724582
That's more how to get a pass that you meet all PCI requirements, as opposed to one of the PCI requirements that is specifically around audit LOGGING and monitoring. That's what I was getting at...
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 167 total points
ID: 37725169
Simple answer no.
You're combining 2 concepts that have absolutely no relationship.
Where in the PCI requirements does it mention holding onto logs?

PCI is all about protecting card-holder data.
The way you manage your PCI environment is through your own internal processes and documentation.

By building your environment securely and putting the proper checks in place, you'll easily be meeting the PCI requirements.

While there are tools that claim to help you with PCI compliance all they're really doing is employing a rules-based application to manage the reporting.

When planning for Audits, there is a simple process about RECORD, REMEDIATING and REPORTING.

RECORD - Create a record of what you're expecting to see, e.g. developers have access to A, Infrastructure has access to B. Record the members of the groups and audit those groups for changes.

REMEDIATE - Find anybody that has access who shouldn't have it, and remove that access, then go back and record the changes, e.g. new users, resigned users, etc.

REPORT - Report your finding, include the RECORDED items and any REMEDIATION.
then REPEAT the process.

Your PCI compliance comes from you putting in the necessary controls and managing them correctly through the appropriate procedures, like review, scans, etc.

Do yourself a favour and read the PCI requirements properly so that you understand what is actually required.

What level merchant are you?
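The RECORD / REMEDIATE / REPORT loop above applied to AD group membership, as an added example that is not part of the thread: it snapshots the effective members of a set of groups, diffs later runs against the saved baseline, and appends the differences to a CSV as audit evidence. The RSAT ActiveDirectory module, the group names and the file paths are assumptions.

```powershell
# Added example, not from the thread. Assumes the RSAT ActiveDirectory module;
# the group names and paths below are placeholders for illustration.
Import-Module ActiveDirectory

$Groups   = @('Domain Admins', 'CDE-Server-Admins')   # assumed group names
$Baseline = 'C:\PCI\group-baseline.json'             # assumed path (RECORD)
$Evidence = 'C:\PCI\group-changes.csv'               # assumed path (REPORT)

function Get-GroupSnapshot {
    param([string[]]$GroupNames)
    $snap = [ordered]@{}
    foreach ($g in $GroupNames) {
        # -Recursive resolves nested groups, so this is effective membership
        $snap[$g] = @(Get-ADGroupMember -Identity $g -Recursive |
                      Select-Object -ExpandProperty SamAccountName | Sort-Object)
    }
    return $snap
}

$current = Get-GroupSnapshot -GroupNames $Groups

if (-not (Test-Path $Baseline)) {
    # RECORD: the first run stores what you expect to see; review it by hand once
    ConvertTo-Json -InputObject $current -Depth 3 | Set-Content -Path $Baseline
    Write-Output "Baseline recorded to $Baseline; review it, then re-run to audit."
    return
}

$expected = Get-Content -Path $Baseline -Raw | ConvertFrom-Json
$now      = (Get-Date).ToString('s')

$changes = foreach ($g in $Groups) {
    $was = @($expected.$g)
    $is  = @($current[$g])
    # Additions are the remediation queue; removals are recorded for completeness
    foreach ($acct in ($is | Where-Object { $_ -notin $was })) {
        [pscustomobject]@{ Checked = $now; Group = $g; Account = $acct; Change = 'ADDED - review/remediate' }
    }
    foreach ($acct in ($was | Where-Object { $_ -notin $is })) {
        [pscustomobject]@{ Checked = $now; Group = $g; Account = $acct; Change = 'REMOVED' }
    }
}

# REPORT: append this run's findings as evidence, then REPEAT on a schedule
if ($changes) {
    $changes | Export-Csv -Path $Evidence -NoTypeInformation -Append
    $changes | Format-Table -AutoSize
} else {
    Write-Output "$now : membership matches baseline for $($Groups -join ', ')"
}
# After REMEDIATE, edit or delete the baseline so the next RECORD reflects the approved state.
```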
LVL 40

Assisted Solution

by:footech
footech earned 166 total points
ID: 37734149
PCI DSS requirement 10.7 says "Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up)."  Other parts say you have to monitor the logs daily (frankly, doing this manually is probably not possible or a full-time job in itself), and store them on a central server.  How you do that is up to you.  The PCI DSS doc rarely says anything about how to do something.  A good assessor may be able to help you.

As far as audit settings, here's what I use for my 2008 R2/Win 7 machines.  The advanced audit settings help to cut down on a lot of useless crap that might otherwise be logged.
http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008
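A check of one Windows host against the 10.7 text quoted above and the advanced audit policy point, as an added example that is not part of the thread (PowerShell, run elevated): it reports how many days of Security log are actually online, estimates the log size needed to hold three months, confirms that advanced audit policy takes precedence over the legacy settings, and lists subcategories with no auditing configured. The 90-day figure and the evtx path are assumptions; the one-year retention has to be met on the central log server, not on this host.

```powershell
# Added example, not from the thread. Run elevated on the server being checked.
# 90 days stands in for the "three months immediately available" part of 10.7.
$MinOnlineDays = 90

$cfg    = Get-WinEvent -ListLog Security
$oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest
$onlineDays = ((Get-Date) - $oldest.TimeCreated).TotalDays

# Current on-disk size gives a rough estimate of the size needed for 90 days
$evtx = Get-Item -Path (Join-Path $env:SystemRoot 'System32\winevt\Logs\Security.evtx')
$bytesPerDay = if ($onlineDays -gt 0) { $evtx.Length / $onlineDays } else { 0 }
$neededMB    = [math]::Ceiling($bytesPerDay * $MinOnlineDays / 1MB)

# Advanced audit policy only overrides the legacy categories when this LSA value is 1
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
$advancedForced = ($lsa.SCENoApplyLegacyAuditPolicy -eq 1)

# auditpol /r emits CSV; any subcategory still at "No Auditing" deserves a look
$unaudited = auditpol /get /category:* /r | ConvertFrom-Csv |
             Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' } |
             Select-Object -ExpandProperty Subcategory

[pscustomobject]@{
    Host                   = $env:COMPUTERNAME
    LogMode                = $cfg.LogMode      # Circular = oldest entries get overwritten
    MaxSizeMB              = [math]::Round($cfg.MaximumSizeInBytes / 1MB)
    OldestEvent            = $oldest.TimeCreated
    OnlineDays             = [math]::Round($onlineDays, 1)
    Meets90DaysOnline      = ($onlineDays -ge $MinOnlineDays)
    EstSizeMBFor90Days     = $neededMB
    AdvancedPolicyForced   = $advancedForced
    UnauditedSubcategories = ($unaudited -join '; ')
}
```

A host built less than 90 days ago will show Meets90DaysOnline as false even with a correctly sized log, and the size estimate is only as good as the event rate seen so far; treat the figures as a starting point for sizing, not proof of compliance.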