12.2.a Examine the daily operational security procedures. Verify that they are consistent with this specification, and include administrative and technical procedures for each of the requirements
[PCI DSS 1.x] 12.2 Develop daily operational security procedures that are consistent with requirements in this spe
Can anyone expand on what types of documents the “daily operational security” could include?
Could be looking through logs…purging terminated employees…things of that nature.
Does anyone have a possible list of the required procedures?
I also think so.
The appropriate procedures will be driven by how the organization has implemented controls. Logs, for example, are mandatory under PCI DSS so review of logs is a natural. Use of a SIM or some other type of log analysis tool may supplant daily review of every single log entry, but will not entirely replace it as good QA would have you ensuring the logs are actually working and your controls are working as intended as evidenced by logs. For example, an excessive false positive error rate in IDS logs should prompt tweaking something. Similarly, a low IDS hit rate may mean it’s tuned out too much. These are just examples, other period procedures might include interviewing users for problems, or looking at CPU and disk utilization on critical CHD machines, or looking at the tapes of computer room access, etc. The more exhaustive and detailed, the better. The more coverage of all the PCI DSS controls, the better.