Banks, credit unions, insurance companies,
Audit Policy settings for PCI Compliance
|This article describes the audit policiy required for PCI Compiance.
The following Audit Policy is required for PCI Compliance:
Directory Service Access Events available on a Domain Controller only.
Object Access – Used in conjunction with Folder and File Auditing. Auditing Failures reveals attempted access to forbidden secure objects which may be an attempted security breach. Auditing Success is used to provide an Audit Trail of all access to secured data, for example, card data in a settlement/transaction file/folder.
We recommend to use Netwrix File Server Change Reporter to monitor the files changes, do not enable this audit policy for Event Log Manager.
NOTE: when using Windows Server 2008 / Windows 7 or later, there is an ‘Advanced Audit Policy Configuration’ option available which allows more precise application of auditing of Object Access events and is useful in eliminating unwanted events. If available, enable the ‘Audit File System’ option only for Success, and optionally Failure, but leave other settings as ‘Not Configured’
Process Tracking – not recommended as this will generate a large number of events.
We recommend to configure the following policies and to leave the other policies as is: