PCI Requirement 11.5 – Deploy a Change-Detection Mechanisms to Alert Personnel

If change-detection mechanisms are not implemented properly, a malicious individual could take advantage and could add, remove, or alter configuration file contents, operating system programs, or application executables. This is why PCI Requirement 11.5 says, “Deploy a change-detection mechanism to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.”
During an assessment, an assessor will examine your change-detection mechanism and review the results from monitoring activities. The PCI DSS gives us a good idea of what types of files should be monitored, like system executables, application executables, configuration and parameter files, log and audit files, and any other critical files.
Stay Connected

More Free Resources

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.