PCI Requirement 10.5.5
The Payment Card Industry Data Security Standard (PCI DSS) Audit reports provide available documentation and compliance artifacts that help you demonstrate compliance with requirements of the PCI DSS.
The PCI Requirement 10.5.5 report provides guidance for how to access File Integrity Monitoring (FIM) features that help you demonstrate compliance with Requirement 10.5.5.
To access the PCI Requirement 10.5.5 report:
- In the Alert Logic console, click the menu icon (), and then click Validate.
- Click Reports, and then click Compliance.
- Under PCI DSS Audit, click VIEW.
- Click PCI Requirement 10.5.5.
The report summary page displays two columns. Testing Procedures lists each procedure that is required for testing the selected PCI requirement. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that this report can demonstrate compliance with each testing procedure.
Schedule the report
After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.
Available Documentation and Artifacts
This report provides you with quick access to the FIM configuration and events that help you demonstrate that your organization uses a file-monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).
Testing procedure for PCI 10.5.5
This testing procedure requires you to prove that your organization examines systems settings, monitored files, and results from monitoring activities to verify the use of file-integrity monitoring or change-detection software on logs.
This section provides you with a link for quick access to the Get Started with Alert Logic Deployments page in the Alert Logic console where you can view the FIM section for configured monitoring file paths in a specific deployment. You can use this information to demonstrate that processes are in place to verify the use of file-integrity monitoring or change-detection software on logs.
This section also provides you with a link for quick access to the File Integrity Monitoring Dashboard in the Alert Logic console, where you can view or export changes to your monitored software and configuration files. You can use this information to demonstrate that processes are in place to verify the use of file-integrity monitoring or change-detection software on logs.