PCI Requirement 10.7 – Retain Audit Trail History for at Least One Year, with Three Months Available
PCI v4.0 - 10.7.3: Failure of Any Critical Security Controls Are Promptly Addressed
PCI v4.0 - 10.7.2: Failure of Critical Security Control Systems Are Handled Appropriately
PCI v4.0 - 10.7.1: (Service Providers) Critical Security Control System Failures Are Addressed
Does a QSA need to be onsite for a PCI DSS assessment?
PCI Requirement 10.8 – Implement a Process for the Detection of Failures of Critical Control Systems
PCI Requirement 9.6 – Maintain Control Over the Internal/External Distribution of Any Kind of Media
PCI Requirement 11.5.1 – Implement a Process to Respond to Change-Detection Solution Alerts
PCI Requirement 10.5.4 – Write Logs for External-Facing Technologies onto a Secure Device
PCI Requirement 10.2.6 – Initialization, Stopping, or Pausing of the Audit Logs
PCI Requirement 5.2 – Ensure Anti-Virus Mechanisms are Current, Perform Scans, & Generate Audit Logs
PCI Requirement 10.8.1 – Respond to Failures of Any Critical Security Controls in a Timely Manner
PCI Requirement 8.5.1 – Remote Access to Customer Premises Must Use Unique Authentication
PCI Requirement 9.6.3 – Ensure Management Approves All Media Moved from a Secured Area
PCI Requirement 10.3.1 – User Identification
PCI Requirement 9.4.2 – Visitors are Identified and Given a Badge that Expires
PCI Requirement 2.2.5 - Remove all Unnecessary Functionality
PCI Requirement 10.4.2 – Time Data is Protected
PCI Requirement 3.5.1 – Maintain a Documented Description of The Cryptographic Architecture
PCI Requirement 11.2 – Quarterly Internal & External Vulnerability Scans