Compliance / Payment Card Industry Data Security Standard
PCI DSS 4.0
When an agent touches cardholder data or authentication data, Requirement 10 (logging) and Requirement 12 (policies) apply.
Evidence Kaldros produces
Each item is generated from the chain for the selected window and included in the framework-specific evidence pack. Items below are illustrative — the full control map is in the documentation.
- ▸ Req. 10.2 — audit logs of all access
- ▸ Req. 10.4 — synchronized time sources
- ▸ Req. 10.7 — log retention for 1 year, 3 months online
- ▸ Req. 12 — policies governing agent use