Manual Chapter : Masking Credit Card Numbers in Logs

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Masking Credit Card Numbers in Logs

Overview: Masking credit card numbers in logs

Application Security Manager (ASM) can mask credit card numbers in request logs. By default, when you create a security policy, the option to mask credit card numbers is enabled. Wherever credit card numbers appear in logs and violation details, they will be replaced by asterisks.
Keeping the
Mask Credit Card Numbers in Request Log
option enabled is required for PCI compliance. You must use this option in addition to Data Guard and masking sensitive parameters to comply with the Protect Stored Cardholder Data requirement. Data Guard masks sensitive information, such as credit card numbers and social security numbers, in responses.
Sensitive parameters can conceal sensitive information that is passed as parameters, such as credit card numbers. Making a parameter sensitive guarantees that its values are always masked in logs. Using sensitive parameters is good for form fields that are designated to contain sensitive data (like credit card numbers). But since a user can include credit card numbers in other places, enabling the
Mask Credit Card Numbers in Request Log
option looks for them anywhere in the request and masks them, providing an additional layer of security.

Masking credit card numbers in request logs

You can make sure that a security policy is set up to mask credit card numbers in logs and violations. This protects sensitive information, specifically credit card numbers, more securely.
  1. On the Main tab, click
    Security
    Application Security
    Security Policies
    Policies List
    .
    The Policy Properties screen for the current edited policy opens.
  2. Enable
    Mask Credit Card Numbers in Request Log
    if it is not already enabled.
  3. Click
    Save
    to save your settings.
The system now looks for occurrences of credit card numbers in request logs, violations, suggestions, and reports and replaces them with asterisks.