Skip to main content

πŸ’Ό 11.5 Deploy a change-detection mechanism to alert personnel to unauthorized modification of critical system files, configuration files, or content files.

  • Contextual name: πŸ’Ό 11.5 Deploy a change-detection mechanism to alert personnel to unauthorized modification of critical system files, configuration files, or content files.

  • ID: /frameworks/pci-dss-v3.2.1/11/05

  • Located in: πŸ’Ό 11 Regularly test security systems and processes.

Description​

Configure the software to perform critical file comparisons at least weekly.

For change-detection purposes, critical files are usually those that do not regularly change, but the modification of which could indicate a system compromise or risk of compromise. Change-detection mechanisms such as file-integrity monitoring products usually come pre-configured with critical files for the related operating system. Other critical files, such as those for custom applications, must be evaluated and defined by the entity (that is, the merchant or service provider).

Similar​

  • Sections
    • /frameworks/pci-dss-v4.0/11/05/02
    • /frameworks/aws-fsbp-v1.0.0/config/01
  • Internal
    • ID: dec-c-59bcdf4e

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Config.1] AWS Config should be enabled and use the service-linked role for resource recording1
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 11.5.2 A change-detection mechanism (for example, file integrity monitoring tools) is deployed.1

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 11.5.2 A change-detection mechanism (for example, file integrity monitoring tools) is deployed.1

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό 11.5.1 Implement a process to respond to any alerts generated by the change detection solution.

Policies (1)​

PolicyLogic CountFlags
πŸ“ AWS Account Config is not enabled in all regions 🟒1🟒 x6