💼 11.5 Deploy a change-detection mechanism to alert personnel to unauthorized modification of critical system files, configuration files, or content files.

ID: /frameworks/pci-dss-v3.2.1/11/05

Description

Configure the software to perform critical file comparisons at least weekly.

For change-detection purposes, critical files are usually those that do not regularly change, but the modification of which could indicate a system compromise or risk of compromise. Change-detection mechanisms such as file-integrity monitoring products usually come pre-configured with critical files for the related operating system. Other critical files, such as those for custom applications, must be evaluated and defined by the entity (that is, the merchant or service provider).

Similar

Sections
- /frameworks/pci-dss-v4.0/11/05/02
- /frameworks/aws-fsbp-v1.0.0/config/01
Internal
- ID: dec-c-59bcdf4e

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Config.1] AWS Config should be enabled and use the service-linked role for resource recording			1		no data
💼 PCI DSS v4.0 → 💼 11.5.2 A change-detection mechanism (for example, file integrity monitoring tools) is deployed.			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v4.0 → 💼 11.5.2 A change-detection mechanism (for example, file integrity monitoring tools) is deployed.			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 11.5.1 Implement a process to respond to any alerts generated by the change detection solution.			1		no data

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account Config is not enabled in all regions🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​