LogRhythm (The Company) engaged Coalfire Systems Inc. (Coalfire), as a respected Payment Card Industry (PCI) Qualified Security Assessor (QSA) company, to provide an independent compliance validation of LogRhythm’s log and event management system. The Company’s technology encompasses key control areas for PCI compliance.
The scope of the assessment is focused on validating the product's ability to meet specific PCI controls and the augmentation of others. The scope of the PCI DSS controls selected for validation was derived through collaboration with LogRhythm solution architects and Coalfire test engineers. This review generated two types of control classes. The first is a class where the LogRhythm solution can directly fulfill the requirement when properly deployed as a control. The second class is where the control can partially fulfill the control requirement or augment other control procedures to assist a customer in meeting the requirement.
The audience for this validation report is merchants or service providers evaluating technical solutions for log and event management to meet their PCI compliance and IT security requirements. Additionally QSA’s or other auditors reviewing a deployed LogRhythm solution in a PCI environment can use this report to support their verification efforts.