PCI Series: Requirement 10 - Track and Monitor All Access to Network Resources and Cardholder Data

This is my last post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement ten (i.e. the requirement to track and monitor all access to network resources and cardholder data). The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

Requirement ten focuses on audit and monitoring. Many components of an IdM-based solution, including client components like

SSSD and certmonger, generate a detailed audit trail about authentication and user activity. Linux systems have an audit subsystem and all critical authentication and access related events are sent there. One can then use different technologies (or third party software) to collect and centralize these audit trails. Red Hat is working to provide a log collection, aggregation, and correlation solution across different components and products in the Red Hat portfolio. This is an ongoing effort and I plan to write about it (in the future) when there is more to show. This solution is expected to become a foundation for another offering that allows for capturing, centralizing, and correlating recorded user sessions. A demo of this session recording technology is available here. The working plan is to allow for not only the recording and playback of captured sessions but also correlation with an audit trail from the same system - enabling full introspection into the user activity on the system.

Questions about how Identity Management relates to requirement ten? Did you enjoy this series and/or find it to be useful?  I encourage you to reach out using the comments section (below).