Manual Chapter :
Masking Credit Card
Numbers in Logs
Applies To:
Show Versions
BIG-IP ASM
- 14.1.3, 14.1.2, 14.1.0
Masking Credit Card
Numbers in Logs
Overview: Masking
credit card numbers in logs
Application Security Manager™ (ASM) can mask credit card numbers in request
logs. By default, when you create a security policy, the option to mask credit card numbers is
enabled. Wherever credit card numbers appear in logs and violation details, they will be replaced
by asterisks.
Keeping the
Mask Credit Card Numbers in Request Log
option enabled is
required for PCI compliance. You must use this option in addition to Data Guard and masking
sensitive parameters to comply with the Protect Stored Cardholder Data requirement. Data Guard
masks sensitive information, such as credit card numbers and social security numbers, in
responses.Sensitive parameters can conceal sensitive information that is passed as parameters, such as
credit card numbers. Making a parameter sensitive guarantees that its values are always masked in
logs. Using sensitive parameters is good for form fields that are designated to contain sensitive
data (like credit card numbers). But since a user can include credit card numbers in other
places, enabling the
Mask Credit Card Numbers in Request Log
option looks
for them anywhere in the request and masks them, providing an additional layer of security.Masking credit card numbers in request logs
You can make sure that a security policy is set up to mask credit card numbers in
logs and violations. This protects sensitive information, specifically credit card
numbers, more securely.
- On the Main tab, click .The Policy Properties screen for the current edited policy opens.
- EnableMask Credit Card Numbers in Request Logif it is not already enabled.
- ClickSaveto save your settings.
The system now looks for occurrences of credit card numbers in request logs,
violations, suggestions, and reports and replaces them with asterisks.
