PCI Requirement 10.3.4 – Success or Failure Indication

by Randy Bartels / May 1st, 2018

Successful or Not?

According to PCI Requirement 10.3.4, every log that’s generated must contain a success or failure indication to demonstrate whether the action that was taken was successful or not. Most applications are pretty good about logging the failed attempts; however, we find that from an assessment perspective, many organizations struggle with the successful events.

Through interviews and observation, auditors will try to verify that a success or failure indication is included in log entries.

Each log that’s generated must contain whether the action that was taken was successful or not. Most applications, or most operating systems by default, are pretty good about logging the failed attempts. However, we find that from an assessment perspective, most organizations struggle with the successful events. Whether the event was successful or not, it needs to be logged as part of the event that took place.

BLOG

PCI Requirement 10.3.4 – Success or Failure Indication

Successful or Not?

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.

BLOG

PCI Requirement 10.3.4 – Success or Failure Indication

Successful or Not?

Related Posts

Categories

Newsletter