The PCI-DSS (Payment Card Industry Data Security Standard) is a set of industry-recommended requirements for business organizations that store, process, or transmit payment card details that aim to protect payment card data from theft, misuse, and other forms of breach.

File Integrity Monitoring (FIM) is one of the core requirements of the PCI-DSS. If you’re looking for an FIM solution to help you meet PCI-DSS requirements, this blog post is for you!

By the time you finish reading this post, you will have a solid grasp of the following:

  • Why file integrity monitoring should be a critical component of any information security program
  • The specific file integrity monitoring requirements to comply with PCI-DSS 
  • What to look for in a file integrity monitoring tool to meet PCI-DSS requirements

Let’s get started, shall we?

Quick Glance on File Integrity Monitoring (FIM)

A file integrity monitoring solution helps ensure that a file for an application, device, server, or other element in the enterprise IT infrastructure remains in a stable state and can carry out their usual functions despite the barrage of possible changes it can experience.

Take for instance how incorrectly assigning the wrong IP address at startup can prove detrimental to a network. Or how a single line item in a 100-line script can make an entire operating system go haywire. These are examples of the “changes” that a FIM tool can detect and monitor.

By and large, organizations need to rely on a file integrity monitoring tool to beef up data protection and meet compliance requirements.

Breach Over Troubled Water

So you think you don’t need a robust file integrity monitoring tool because your information security measures are already top notch?

We urge you to reconsider.

According to the 2015 Data Breach Investigations report, there is a growing “detection deficit” between attackers and defenders. In 60 percent of data breach cases, attackers were able to gain access and compromise an organization’s network within minutes.

Furthermore, the same report revealed that point of Sale (POS) intrusions and payment card skimming attacks continued in 2015, with large organizations suffering data breaches alongside restaurants and small retailers. A good chunk of these incidents involved direct social engineering of store employees who were tricked into providing passwords for POS remote access through a simple phone call.

For this reason, relying on a file integrity monitoring tool that can only recognize whether or not the integrity of a file has been compromised is not enough. You also need a tool that will not just alert you of the change but can also immediately take action to remediate the change. After all, you can’t simply cancel your digital sabbatical slash weeklong respite by the beach because you just received an email notifying you of a possible breach.

In a nutshell, a robust FIM tool can:

  • capture the initial state (baseline) of every monitored file and store it in the database
  • scan for changes relative to the baseline
  • determine if the configuration change is planned or unplanned
  • instantly alert you when an unplanned change occurs
  • provide information on how to remediate changes
  • quickly roll back to a previously good state

Now let's proceed to the compliance part.

File Integrity Monitoring Requirements for PCI-DSS 3.1 Compliance

The goal of compliance is to reduce data breach risk and also functions as another reason for you to get serious with file integrity monitoring. The PCI-DSS 3.1 compliance standard, comprised of 12 core security areas to protect cardholder data, is one of these.

In terms of file integrity monitoring, the PCI-DSS specifies the following requirements:

PCI 10.5.5:

"Use file integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts."

PCI 11.5:

"Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files, and configure the software to perform critical file comparisons at least weekly."

PCI 10.5.5 and PCI 11.5 intends to promote the integrity of critical logs in your PCI environment and to ensure that changes to files do not allow a breach of payment card data. Although PCI 11.5 requires a file integrity monitoring software to monitor changes at least weekly, it is important to note that a true file integrity monitoring tool has the capability to distinguish low-risk change from high-risk change as they happen.

To meet the aforementioned requirements, your FIM tool of choice should have the following capabilities:

  • Monitor and track changes
  • Identify which changes introduce risk
  • Pinpoint which changes result in non-compliance
  • Determine between high and low-risk changes
  • Work with other security point solutions

Comprehensive PCI Compliance With CimTrak

CimTrak is an advanced integrity and compliance tool that helps you comply with more than just the two PCI file integrity monitoring requirements mentioned above.

Our file integrity monitoring approach allows you to:

  • Get instant notification and in-depth insight into all changes within your PCI environment and complete coverage for PO requirement 11.5.
  • Monitor critical configurations to ensure they are in a PCI compliant state.
  • Monitor devices such as routers and firewalls to ensure that changes don’t allow unauthorized access to your PCI environment.
  • Instantly restore changes and keep your critical systems running.
  • Generate a wide variety of reports on watched systems.
  • Seamlessly integrate CimTrak with all major Security Information and Event Management (SIEM) solutions.

It's quite clear that it's not a question of whether or not you need a file integrity monitoring system. Instead, you should be more concerned in choosing a tool that provides complete file integrity monitoring capabilities with PCI compliance as well as continuous compliance management.

Have a burning question on file integrity monitoring tools? Make informed decisions on finding the right FIM solution by talking to one of our experts today.

PCI Compliance Checklist eBook

Jacqueline von Ogden
Post by Jacqueline von Ogden
April 12, 2016
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".