Logging of Databases for Effective Security Monitoring and Compliance with PCI DSS outlines 9 key database events that should be logged to comply with PCI DSS requirements, including: 1) additions, removals, or modifications of user IDs; 2) changes to passwords or privileges; 3) changes to system-level objects; 4) individual access to cardholder data; 5) starting and stopping databases; 6) user logins and logouts; 7) failed logon attempts; and 9) clearing of audit trails. The document provides a suggested list of important database logging events for PCI compliance and effective security monitoring.

1. Logging of Databases for Effective Security Monitoring and
Compliance with PCI DSS
1
# Event PCI DSS
Requirements
1. Addition, removal, and/or modification of any user IDs
on the database system
6.3.3, 7.1.1, 7.1.2, 7.1.4,
8.1, 8.5.1, 8.5.1, 8.5.4,
10.2.2
2. Changes to passwords for administrative users and
users with access to Cardholder Data (CHD)
8.5.3, 8.5.9
3. Change to user privileges including changes to
grants, roles and profiles (e.g., password length,
history, idle time, etc.)
6.3.3, 7.1.1, 7.1.2, 7.1.4,
8.1, 8.5.1, 8.5.1, 8.5.4,
10.2.2
4. Changes to system-level objects (system level
objects vary from database to database – You may
want to consult with your DBA to identify the specific
objects in your setup)
10.2.7, 10.5.5
5. Individual access to cardholder data 6.3.3, 7.1, 10.2.1
6. Stopping/starting of databases 10.2.2
7. Logins and logouts by administrative users and users
with access to Cardholder Data (CHD)
10.2.2, 10.2.5
8. Logon failures 10.2.4
9. Clearing of audit trails 10.2.3, 10.2.6, 10.5.5
Note: This is only a suggested list and by no means a complete one.
 Created by RisknCompliance Consulting Group http://rnc2.com on June 1st, 2010; Read the
related blog here.
 Distributed under the license terms at http://creativecommons.org/licenses/by/3.0/.