In the Cisco White Paper titled 'Meeting CISP Requirements:Cisco Recommendations', it references that MARS can address Requirement 10.5. Requirement 10 asks the vendor to track and monitor all access to cardholder data. More specifically, 10.5 states that vendor must Secure audit trails so that they cannot be altered.
Cisco States that this can be accomplished through a combination of MARS and CSA in sub requirement 10.5.5. 10.5.5 says vendor maust use file integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts. Could someone explain how this works to satisfy the requirement since I believe MARS changes the format of some logs?