Benchmark: Requirement 10: Log and Monitor All Access to System Components and Cardholder Data
Description
Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. The presence of logs on all system components and in the cardholder data environment (CDE) allows thorough tracking, alerting, and analysis when something does go wrong. Determining the cause of a compromise is difficult, if not impossible, without system activity logs.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_10
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_10 --share
Benchmarks
- 10.2: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events
- 10.3: Audit logs are protected from destruction and unauthorized modifications
- 10.4: Audit logs are reviewed to identify anomalies or suspicious activity
- 10.5: Audit log history is retained and available for analysis
- 10.6: Time-synchronization mechanisms support consistent time settings across all systems
- 10.7: Failures of critical security control systems are detected, reported, and responded to promptly