Manual Chapter : Masking Credit Card Numbers in Logs
Applies To:Show Versions
Masking Credit Card
Numbers in Logs
credit card numbers in logs
Application Security Manager™ (ASM) can mask credit card numbers in request logs. By default, when you create a security policy, the option to mask credit card numbers is enabled. Wherever credit card numbers appear in logs and violation details, they will be replaced by asterisks.
Mask Credit Card Numbers in Request Logoption enabled is required for PCI compliance. You must use this option in addition to Data Guard and masking sensitive parameters to comply with the Protect Stored Cardholder Data requirement. Data Guard masks sensitive information, such as credit card numbers and social security numbers, in responses.
Sensitive parameters can conceal sensitive information that is passed as parameters, such as credit card numbers. Making a parameter sensitive guarantees that its values are always masked in logs. Using sensitive parameters is good for form fields that are designated to contain sensitive data (like credit card numbers). But since a user can include credit card numbers in other places, enabling the
Mask Credit Card Numbers in Request Logoption looks for them anywhere in the request and masks them, providing an additional layer of security.
Masking credit card numbers in request logs
You can make sure that a security policy is set up to mask credit card numbers in logs and violations. This protects sensitive information, specifically credit card numbers, more securely.
- On the Main tab, click.The Policy Properties screen for the current edited policy opens.
- EnableMask Credit Card Numbers in Request Logif it is not already enabled.
- ClickSaveto save your settings.
The system now looks for occurrences of credit card numbers in request logs, violations, suggestions, and reports and replaces them with asterisks.