Authorized modifications in PCI?
Wednesday, July 2nd, 2008

The PCI Consortium is currently working on the new PCI DSS Standard, which will be version 1.2. While reviewing the 12 requirements we came out with a surprising point:
Requirement 10.5.2 states that “Audit Trails files should be protected against unauthorized modifications”. We feel that there is no case for an authorized modification of an audit trail file and hence the word “unauthorized” should be replaced with “all”. Audit trail files should be absolutely immutable to be of any use in a legal or regulatory context.
So, we hope that erasing this “unauthorized” term will happen in the new release. We’ll keep you posted.