10.2.1 All individual user accesses to cardholder data
10.2.1 Verify all individual access to cardholder data is logged.
Malicious individuals could obtain knowledge of a user account with access to systems in the CDE, or they could create a new, unauthorized account in order to access cardholder data. A record of all individual accesses to cardholder data can identify which accounts may have been compromised or misused.