4.2 Payment application must implement an automated audit trail to track and monitor access.
PCI Data Security Standard Requirements 10.2 and 10.3
Testing Procedures:
4.2.a Examine payment application log parameters and verify that logs contain the data required in PCI DSS Requirements 10.2 and 10.3.
4.2.b If payment application log settings are configurable by the customer and resellers/integrators, or customers or resellers/integrators are responsible for implementing logging, examine PA-DSS Implementation Guide prepared by the vendor to verify the following are included:
[ul]
[li]How to set PCI DSS-compliant log settings, per PCI DSS Requirements 10.2 and 10.3.[/li][li]That disabling of the logs should not be done and will result in non-compliance with PCI DSS.[/li][/ul]