Benchmark: Requirement 10: Track and monitor all access to network resources and cardholder data
Description
Vulnerabilities in physical and wireless networks make it easier for cyber criminals to steal card data. This requirement calls for every system to have the correct audit policy set and to send its logs to a centralized syslog server. These logs must be reviewed at least daily for anomalies and suspicious activity. Security Information and Event Monitoring (SIEM) tools can help you log system and network activity, monitor logs, and alert on suspicious activity. PCI DSS also requires that audit trail records meet a certain standard in terms of the information they contain. Time synchronization is required. Audit data must be secured and maintained for a period no shorter than a year.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Requirement 10: Track and monitor all access to network resources and cardholder data.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_10
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_10 --share
Benchmarks
- 10.1 Implement audit trails to link all access to system components to each individual user.
- 10.2 Implement automated audit trails for all system components to reconstruct the events
- 10.4 Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time
- 10.5 Secure audit trails so they cannot be altered