What should be logged under identification/authentication mechanism use and privileged account changes?

Tracking authentication activity and changes to privileged accounts is essential for an auditable security trail. PCI DSS requires logging events that show how authentication mechanisms are used (logins, successful and failed attempts, password changes) and any elevation of privileges, as well as changes to highly privileged accounts such as root or admin accounts. This comprehensive logging enables you to see who accessed cardholder data, when, from where, and what actions they performed, including any privilege escalations or account modifications. Logging only isolated events like password resets, account creation, or account deletions misses critical activity that could indicate unauthorized access or misuse, so the best choice covers all of these key areas to support monitoring, detection, and incident response.