Benchmark: 10.2.1: Audit logs are enabled and active for all system components and cardholder data
Description
Audit logs must exist for all system components. Audit logs send alerts to the system administrator, provide data to other monitoring mechanisms, such as intrusion-detection systems (IDS) and security information and event monitoring systems (SIEM) tools, and provide a history trail for post-incident investigation.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 10.2.1: Audit logs are enabled and active for all system components and cardholder data.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_10_2_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_10_2_1 --share
Benchmarks
- 10.2.1.1: Audit logs capture all individual user access to cardholder data
- 10.2.1.2: Audit logs capture all actions taken by any individual with administrative access, including any interactive use of application or system accounts
- 10.2.1.3: Audit logs capture all access to audit logs
- 10.2.1.4: Audit logs capture all invalid logical access attempts
- 10.2.1.5: Audit logs capture all changes to identification and authentication credentials including, but not limited
- 10.2.1.6: Records of all changes to audit log activity status are captured
- 10.2.1.7: Audit logs capture all creation and deletion of system-level objects