[PCI DSS 1.x] 10.2.2 All actions taken by any individual with root or administrative privileges

10.2.2 Actions taken by any individual with root or administrative privileges

Hi,
Any advice on what constitutes “all actions”? The logs would be considerably large if all actions were to be logged by admins.

All actions by users with privilege that involve card holder information must be logged. This is necessary in case of a breach to forensically determine what happened. Failing to log could make you grossly negligent and result in big fines. Big disks are cheap compared to a fine.

As far as I know this requirement is a bit vague. What is an action? Assuming that they mean executed commands, you can meet this requirement by using the ex audit class.

Does anyone have real world examples on how to accomplish this in a Windows environment?

Database logging, application-specific logging, etc. All actions performed on sensitive CHD must be logged. This facilitates investigating suspected breaches or other irregularities.

More companies are looking at mobile devices such as iPods and iPads to function as POS terminals. Would changes under the Settings icon be considered an action by someone with admin privileges? If so, how would that action be logged, since iOS devices do not provide for logging (that I’m aware of)?