UCF ID: 01339 |
Control Type: Process or Activity |
Status: Live |
Supporting and supported controls
This control directly supports:
- • Implement a traceability standard. [UCF Control ID 00640]
There are no supporting controls.
Authority documents complied with:
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2.1, § 10.3.6; Australian Government ICT Security Manual (ACSI 33), § 3.7.16; Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2, § 10.3.6
Payment Card Guidance
The organization must ensure all system components record the name of the asset or data affected by the event.
For auditable events, observe the audit log to ensure it captures and records the unique identity of the affected asset.
Interview security personnel and view their audit logs to ensure the appropriate events are logged. [§ 10.3.6, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2.1]
The organization must ensure all system components record the name of the asset or data affected by the event. [§ 10.3.6, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2]
Asia and Pacific Rim Guidance
The audit log should record the location or identification of the terminals involved for each event that is recorded. [§ 3.7.16, Australian Government ICT Security Manual (ACSI 33)]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.