Frequently Asked Question

Can you provide clarification of PCI DSS requirement 10.3.6?

The intent of PCI DSS Requirement 10.3.6 is that audit logs include the identity or name of the data, system(s), or component(s) that is affected by the event being logged.  This helps organizations to identify where an event occurred and the potential impact.
Last updated: May 2014
Originally published: April 2012
Article Number: 1032

Featured FAQ Articles