Authorized modifications in PCI?

The PCI Consortium is currently working on the new PCI DSS Standard, which will be version 1.2. While reviewing the 12 requirements, we came across a surprising point:

Requirement 10.5.2 states that “Audit Trails files should be protected against unauthorized modifications”. We feel that there is no case for an authorized modification of an audit trail file, and hence the word “unauthorized” should be replaced with “all”. Audit trail files should be absolutely immutable to be of any use in a legal or regulatory context.

So, we hope that the term “unauthorized” will be removed in the new release. We’ll keep you posted.

One Response to “Authorized modifications in PCI?”

  1. Daniel Craig Says:

    Hey, I was looking around for a while searching for audit trails and I happened upon this site and your post regarding Authorized modifications in PCI? I will definitely add this to my audit trails bookmarks!