PCI DSS Requirement 10.7 Changelog

Four years ago I wrote about changes between versions of the PCI DSS with an example of subtlety from Requirement 10.7. This came up again today, so here’s an updated table:

Requirement 10.7:

DSS 1.0 DSS 1.1 DSS 1.2 DSS 2.0
An audit history usually covers a period of at least one year, with a minimum of 3 months available online. Retain audit trail history for at least one year, with a minimum of three months online availability. Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up). Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.