{"id":567,"date":"2020-04-18T11:56:22","date_gmt":"2020-04-18T11:56:22","guid":{"rendered":"http:\/\/www.pcidssguide.com\/?p=567"},"modified":"2023-10-09T13:43:02","modified_gmt":"2023-10-09T13:43:02","slug":"the-pci-dss-and-file-integrity-monitoring","status":"publish","type":"post","link":"https:\/\/pcidssguide.com\/the-pci-dss-and-file-integrity-monitoring\/","title":{"rendered":"PCI DSS and File Integrity Monitoring"},"content":{"rendered":"\n\n\n\n\n
Today, almost all organizations use firewalls, configure them according to configuration standards, and keep their systems safe by monitoring them with anti-virus software and log records.<\/p>\n\n\n\n
However, assuming you interpret the requirements correctly, file integrity monitoring (FIM) software becomes a real advantage for tracking your critical files when combined with other requirements.<\/p>\n\n\n\n
See Also: File Integrity Monitoring Best Practices<\/a><\/strong><\/p>\n\n\n\n The use of File Integrity Monitoring (FIM) software is a PCI DSS requirement, and in short, it allows you to obtain security in its purest form by alerting you to essential file changes.<\/p>\n\n\n\n The use of File Integrity Monitoring (FIM) software has long been considered the cornerstone of best practices in information security. However, there are still several common misunderstandings about why File Integrity Monitoring (FIM) software is essential and what it can provide.<\/p>\n\n\n\n PCI DSS Requirement 11.5 explicitly names file integrity monitoring when describing the need to alert authorized personnel to unauthorized modification of critical system or configuration files.<\/p>\n\n\n\n According to PCI DSS requirements, File Integrity Monitoring (FIM) software should be configured to perform weekly critical file comparisons.<\/p>\n\n\n\n See Also: PCI DSS Requirement 11 Explained<\/a><\/strong><\/p>\n\n\n\n File monitoring software should be used much more widely to support an information technology asset’s security. For example, many major PCI DSS requirements can be best met using file integrity monitoring technologies:<\/p>\n\n\n\n PCI DSS Requirement 1:<\/a><\/strong> Monitoring firewall and router configuration standards<\/p>\n\n\n\n PCI DSS Requirement 2:<\/a> <\/strong>Following configuration standards for all system components<\/p>\n\n\n\n PCI DSS Requirement 6:<\/a><\/strong> Monitoring of system and application critical files<\/p>\n\n\n\n PCI DSS Requirement 10:<\/a><\/strong> Ensuring log files cannot be altered<\/p>\n\n\n\n PCI DSS Requirement 11:<\/a><\/strong> Detecting file changes<\/p>\n\n\n\n Using File Integrity Monitoring (FIM) software for the above requirements will make your job much easier. 
However, as stated earlier, PCI DSS is a network of interconnected and overlapping requirements, and so the file integrity check task also spans a much broader scope.<\/p>\n\n\n\n File integrity monitoring tools support system hardening, system standards, and other change management requirements.<\/p>\n\n\n\n File integrity monitoring (FIM) software refers to a security process and technology that tests and checks the operating system (OS), database, and application files to determine whether files have been modified or corrupted.<\/p>\n\n\n\n File Integrity Monitoring (FIM), a type of change control, verifies the latest known versions of these files against a reliable “baseline.” If FIM detects that files have been modified, updated, or compromised, it can generate alerts to allow further investigation and, if necessary, correction.<\/p>\n\n\n\n File integrity monitoring includes reactive (forensic) inspection and proactive inspection, i.e., active monitoring based on rules.<\/p>\n\n\n\n File integrity monitoring works in two ways: agent-based and agentless.<\/p>\n\n\n\n In agent-based file integrity monitoring software, an agent (application) is installed on the host computer and performs file monitoring by transmitting the changes it detects to the central server in real time. In this way, the File Integrity Monitoring (FIM) agent also reduces the recurring scanning load on the host and network.<\/p>\n\n\n\n The FIM agent is defined on a master file tracking management server, and then adjustments are made through this master server.<\/p>\n\n\n\nWhat Are the Types of File Integrity Monitoring (FIM)?<\/strong><\/h2>\n\n\n\n