This resource is no longer available
Meeting the True Intent of File Integrity Monitoring
The term “file integrity monitoring,” or FIM, popped up back in 2001 when the VISA started working on a security specification that would eventually become the Payment Card Industry Data Security Standard (PCI DSS, or just PCI). FIM was referenced in two requirements of PCI specification, but requirement 10.5.5 specifically instructed organizations that processed, transmitted or stored cardholder data to “Use file integrity monitoring/change detection software (such as Tripwire) on logs to ensure that existing log data cannot be changed without generating alerts.”
In reality, FIM had been around before its reference in the evolving PCI standard. Previously, though, it used a different name: “change audit.” So here we are ten years later. Where is FIM now? Is it still relevant or important? Does it really protect data and improve security? The answers, in order are:
- FIM is still called file integrity monitoring (FIM), and is now part of almost every IT compliance regulation and standard and every IT security standard. Some refer to FIM as “change audit.”
- Yes, FIM is still relevant and important, although many organizations that must use FIM solutions complain that the term “FIM” is now synonymous with “noise” due to the huge volume of changes these solutions detect.
- Yes, FIM does protect data and improve security, but only when FIM has specific capabilities.
Read on to learn more about FIM and how it can effectively provide data protection and security.