Solved

PCI audit log requirements in windows network

Posted on 2012-03-15
7
805 Views
Last Modified: 2012-03-22
Is there any document in the public domain whereby the audit and monitoring requirements of PCI are translated into an active directory environment? So you can see on an AD level how and what to audit, how long to keep it for,  to comply with PCI? Same for windows servers and workstations.
0
Comment
Question by:pma111
7 Comments
 
LVL 22

Accepted Solution

by:
yo_bee earned 167 total points
ID: 37724294
Not 100% sure if this is what you mean by PCI compliance.
https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf

I would have to read this document to see what needs to be audited before I can comment any further.
0
 
LVL 3

Author Comment

by:pma111
ID: 37724321
I was just coming at it from the angle that PCI is technology neutral, so was hoping someone may have interpreted the requirements specific to AD/Windows so admins can make the configs based on known PCI specific requirements.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 37724324
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 22

Expert Comment

by:yo_bee
ID: 37724347
0
 
LVL 3

Author Comment

by:pma111
ID: 37724582
Thats more how to get a pass that you meet all PCI requirements, as opposed one of the PCI requirements is specifically around audit LOGGING and monitoring. Thats what I was getting at...
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 167 total points
ID: 37725169
Simple answer no.
You're combining 2 concept that have absolutely no relationship.
Where in the PCI requirements does it mention holding onto logs?

PCI is all about protecting card-holder data.
The way you manage your PCI environment is through your own internal processes and documentation.

By building you environment securely and putting the proper checks in place, you'll easily be meeting the PCI requirements.

While there are tools that claim to help you with PCI compliance all they're really doing is employing a rules-based application to manage the reporting.

When planning for Audits, there is a simple process about RECORD, REMEDIATING and REPORTING.

RECORD - Create a record of what you're expecting to see, e.g. developers have access to A, Infrastructure has access to B. Record the members of the groups and audit those groups for changes.

REMEDIATE - Find anybody that has access who shouldn't have it, and remove that access, then go back and record the changes, e.g. new users, resigned users, etc.

REPORT - Report your finding, include the RECORDED items and any REMEDIATION.
then REPEAT the process.

Your PCI compliance comes from you putting in the necessary controls and managing them correctly through the appropriate procedures, like review, scans, etc.

Do yourself a favour and read the PCI requirements properly so that you understand what is actually required.

What level merchant are you?
0
 
LVL 40

Assisted Solution

by:footech
footech earned 166 total points
ID: 37734149
PCI DSS requirement 10.7 says "Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up)."  Other parts say you have to monitor the logs daily (frankly, doing this manually is probably not possible or a full-time job in itself), and store them on a central server.  How you do that is up to you.  The PCI DSS doc rarely says anything about how to do something.  A good assessor may be able to help you.

As far as audit settings, here's what I use for my 2008 R2/Win 7 machines.  The advanced audit settings help to cut down on a lot of useless crap that might otherwise be logged.
http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Recommended-Baseline-Audit-Policy-for-Windows-Server-2008
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question