Attributes of Log Data
Supporting PCI Requirement 10.3 in AWS
PCI Requirement 10.3 requires that your audit trail entries capture the following six attributes of each event:
- User identification
- Type of event
- Date and time
- Success or failure indication
- Origination of event
- Identity of the affected data, system, or resources
To capture all of these attributes, AWS recommends using three services to support proper logging and monitoring: AWS CloudTrail, Amazon CloudWatch, and AWS Config. By using these services, you will gather the appropriate content and history needed to comply with PCI Requirement 10.3.
There are six sub-requirements in PCI Requirement 10 and they are all related to the attributes inside the logging data that you would get in their system. What are they? User identification (who it is), type of event, date and time stamps, success or failure of the event (was the log in successful or not?), where it came from (the source of the generated event), and the identity of the system that is affected.
So, basically, it’s the “who, what, when, where, and why.” All of these elements are captured in the attributes of the logs. Enabling CloudTrail and the rules inside the AWS Management Console can deliver all of that information to an S3 bucket. If you secure the S3 bucket, then you are good to go for PCI Requirement 10.3. Any questions? Give us a call at KirkpatrickPrice. We make sure.