
Service Desk - PCI Certification


Article ID: 252844


Products

CA Service Desk Manager

Issue/Introduction

A customer asks the following questions for the purpose of PCI certification, and the security auditor wants to know if SDM stores this information and where:

- All actions performed by people with administrative privileges.

- All access to all audit trails.

- All invalid or failed logical access attempts

- All access to systems or effective login.

- Any increase in privileges

- All changes, additions, and deletions of any account with administrative privileges

- All initialization and/or disabling or pausing of audit logs in the system.

- All creation and deletion of objects at the system level.

- Any change in the sound time service (NTP) in the machine or system

 

Environment

Release: 17.3

Cause

PCI certification inquiry

Resolution

L2 answers provided inline:


- All actions performed by people with administrative privileges.

We don't track actions performed by users, other than what is tracked in audit trails.

- All access to all audit trails.

We don't track access to audit trails. Audit trails are read-only in the UI.

- All invalid or failed logical access attempts

We don't track failed login attempts.

- All access to systems or effective login.

We track valid sessions in the session log table.

- Any increase in privileges

We normally run as SYSTEM; only when we need to access the UNC path do we impersonate the configured user, and only for the process that accesses the UNC path.

- All changes, additions and deletions of any account with administrative privileges

We don't track this specifically; audit trails can be configured to track specific columns if needed.

- All initialization and/or disabling or pausing of audit logs in the system.

Not sure I understand this one; the audit trails can be installed or uninstalled, and there is no pause option. The administrator decides when they should be installed or uninstalled.

- All creation and deletion of objects at the system level.

We don't delete data from the DB. We only inactivate records, which are treated as deleted. Archive and purge can delete certain objects, but what we purge we back up to files.

- Any change in the sound time service (NTP) in the machine or system

We don't keep track of OS changes.