[PCI DSS 3.0] 10.3 Record at least the following audit trail entries for all system components for each event:

10.3 Record at least the following audit trail entries for all system components for each event:
[ul]
[li]10.3.1 User identification[/li]
[li]10.3.2 Type of event[/li]
[li]10.3.3 Date and time[/li]
[li]10.3.4 Success or failure indication[/li]
[li]10.3.5 Origination of event[/li]
[li]10.3.6 Identity or name of affected data, system component, or resource.[/li]
[/ul]
10.3 Through interviews and observation of audit logs, for each auditable event (from 10.2), perform the following:
[ul]
[li]10.3.1 Verify user identification is included in log entries.[/li]
[li]10.3.2 Verify type of event is included in log entries.[/li]
[li]10.3.3 Verify date and time stamp is included in log entries.[/li]
[li]10.3.4 Verify success or failure indication is included in log entries.[/li]
[li]10.3.5 Verify origination of event is included in log entries.[/li]
[li]10.3.6 Verify identity or name of affected data, system component, or resources is included in log entries.[/li]
[/ul]
By recording these details for the auditable events at 10.2, a potential compromise can be identified quickly and with sufficient detail to know who, what, where, when, and how.
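
The 10.3.1 to 10.3.6 checks above can be automated over a log sample. The following is an added example, not part of the PCI DSS text. It assumes JSON-lines logs; the field names, the success/failure vocabulary and the requirement for an explicit UTC offset are assumptions to adapt to your own schema.

```python
import json
from datetime import datetime

# Assumed mapping of each 10.3.x element to a JSON field name (hypothetical schema).
REQUIRED = {
    "10.3.1": "user",        # user identification
    "10.3.2": "event_type",  # type of event
    "10.3.3": "timestamp",   # date and time
    "10.3.4": "outcome",     # success or failure indication
    "10.3.5": "origin",      # origination of event
    "10.3.6": "resource",    # affected data, system component, or resource
}

def valid_timestamp(value):
    # Assumption: ISO 8601 with an explicit offset, so events correlate across hosts.
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return False
    return parsed.tzinfo is not None

def missing_elements(entry):
    """Return the 10.3.x elements that are absent or unusable in one log entry."""
    failed = []
    for req, field in REQUIRED.items():
        value = str(entry.get(field) or "").strip()
        if value in ("", "-"):  # an empty or placeholder value records nothing
            failed.append(req)
        elif req == "10.3.3" and not valid_timestamp(value):
            failed.append(req)
        elif req == "10.3.4" and value.lower() not in ("success", "failure"):
            failed.append(req)
    return failed

def audit(lines):
    """Map 1-based line number to failed elements, for non-compliant lines only."""
    findings = {}
    for number, line in enumerate(lines, start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        failed = missing_elements(entry if isinstance(entry, dict) else {})
        if failed:
            findings[number] = failed
    return findings

# Constructed sample entries (not real log data).
SAMPLE_LOG = [
    '{"user": "jdoe", "event_type": "login", "timestamp": "2024-05-01T12:00:00Z", "outcome": "success", "origin": "192.0.2.10", "resource": "db01"}',
    '{"user": "-", "event_type": "file_read", "timestamp": "2024-05-01T12:01:00+00:00", "outcome": "failure", "resource": "/data/cards.csv"}',
    '{"user": "svc_app", "event_type": "query", "timestamp": "2024-05-01 12:02:00", "outcome": "ok", "origin": "192.0.2.20", "resource": "cardholder_db"}',
    'May  1 12:03:10 web01 sshd: session opened',
]
```

Calling `audit(SAMPLE_LOG)` returns only the non-compliant lines, keyed by line number, with the sub-requirements each one fails.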