Re: X-Payments 1.0 beta5 announcement
I had the wonderful pleasure of being on a webinar with Coalfire (an IT Audit & Compliance company) earlier today. QualiTeam really need to get in contact with them on things as it's all clearly spelled out when they go through things as to what's needed and what's not.
There are sections in the PCI-DSS which require the logging of all logins to a system, but again, it refers back to the section Ralph talked about - it requires logins through a remote system (physical access, root access or machine access through remote computer) - it does not require login tracking of customers through a web interface (which is what our customer thought it required).
While the two guides (PCI-DSS & PA-DSS) are black and white, there are cross references to each other and interpretation required.