NCA OT: Payment Card Industry Data Security Standard 4.0 Compliance Automation Suite User Guide

This section highlights some key reporting capabilities contained within the PCI DSS 4.0 Compliance Automation Suite. LogRhythm has adopted the Consolidated Compliance Framework (CCF) approach to find common control approaches across various frameworks. This approach has been applied to the PCI DSS 4.0 Compliance Automation Suite to help organizations streamline compliance objectives. Collectively, many consider PCI DSS 4.0 as an influencer of other compliance frameworks, and is a core to LogRhythm’s compliance approaches within CCF. All objects associated with this module follow the ‘CCF: XXX’ naming convention and utilize a restricted view to only allow those appropriate individuals to see PCI DSS 4.0-specific content.

New profiles can be created for the Global Administrator, Global Analyst, Restricted Administrator, Restricted Analyst, and Web Service Administrator security roles. The security roles enable the Administrator to assign access to specific objects within the Entity to individual users. For example, many Restricted Analysts can be given access to Entity A, but not access to the same Log Sources within Entity A. Restricted Analyst 1 can have access to Log Sources 1, 2, and 3 on Entity A, while Restricted Analyst 2 has access to Log Sources 4, 5, and 6 on Entity A. This allows the organization to limit access to data and compliance content according to compliance needs.

The guide is divided into the following sections:

• PCI DSS 4.0 User Guide - AI Engine Rules
• PCI DSS 4.0 User Guide - Investigations
• PCI DSS 4.0 User Guide - Reports and Reporting Packages
• Copy of QCF User Guide - LogRhythm GeoIP Functionality