Frequently Asked Questions

< Back to search page

Can you provide clarification of PCI DSS requirement 10.3.6?

FAQ Response

The intent of PCI DSS Requirement 10.3.6 is that audit logs include the identity or name of the data, system(s), or component(s) that is affected by the event being logged.  This helps organizations to identify where an event occurred and the potential impact.

May 2014
Article Number 1032