Appendix A

Requirement A.1.3

Ensure logging and audit trails are enabled and unique to each entity’s cardholder data environment and consistent with PCI DSS Requirement 10.

Testing Procedure

A.1.3
Verify the shared hosting provider has enabled logging as follows, for each merchant and service provider environment:

  • Logs are enabled for common third-party applications.
  • Logs are active by default.
  • Logs are available for review by the owning entity.
  • Log locations are clearly communicated to the owning entity.

Guidance

Logs should be available in a shared hosting environment so the merchants and service providers have access to, and can review, logs specific to their cardholder data environment.