10.2 - Audit Logs Implemented to Support Detection

Requirement 10.2 of PCI DSS 4.0 mandates that organizations deploy and maintain audit logs capable of capturing all critical system and user activities, including authentication attempts, file accesses, configuration changes, and security events. The logs must be protected against tampering, retained for at least one year, and available for analysis to detect and respond to potential security incidents promptly.