Educause Security Discussion mailing list archives
Question for those using a FIM for PCI compliance
From: Cathy Hubbs <hubbs () AMERICAN EDU>
Date: Tue, 30 Apr 2019 17:31:09 +0000
Greetings, Our PCI QSAs are adamant that we implement a File Integrity Monitoring (FIM) solution for our remaining in-scope systems. We are Level 3 and required to complete the SAQ D. Requirements 11a & 11b explicitly state use of a FIM and so we are revisiting the use of FIMs. Question for those of you that have installed a FIM in response to PCI * If you like your vendor/product which one are you using? We used a FIM in the past (tripwire) and eventually didn’t renew because of the operational overhead. I’m interested in speaking with those of you that are having a good experience with a FIM, specifically configured for PCI compliance. Thanks in advance, Cathy Cathy Hubbs, CISO American University
Current thread:
- Question for those using a FIM for PCI compliance Cathy Hubbs (Apr 30)