The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS applies to all organizations that store, process, or transmit cardholder data, and all affected organizations must be PCI compliant.
The collection, management, and analysis of log data are integral to meeting PCI audit requirements. IT environments include many heterogeneous devices, systems, and applications that all report log data. Millions of individual log entries can be generated daily, if not hourly. The task of simply assembling this information can be overwhelming in itself. The additional requirements of analyzing and reporting on log data render manual processes or homegrown remedies inadequate and costly.
LogRhythm has extensive experience in helping organizations improve their overall security and compliance posture while reducing costs. Log collection, archive, and recovery are fully automated across the entire IT infrastructure. LogRhythm automatically performs log data categorization, identification, and normalization to facilitate easy analysis and reporting.
This paper illustrates and discusses the 6 domains of PCI DSS requirements and uses tables to outline how LogRhythm supports PCI compliance.