
Qualys
File Integrity Monitoring Coverage for PCI DSS 4.0
Pages
6
Time to read
5 mins
Publication
Language
English

This document is a guide detailing the File Integrity Monitoring (FIM) coverage for PCI DSS 4.0 and how it aligns with specific requirements. It outlines the various requirements set forth by PCI DSS, including the need for audit logs to be enabled and active for all system components handling cardholder data. The guide specifies that Qualys FIM captures critical user access and actions taken by individuals with administrative access, generating alerts for significant events. It also discusses the importance of maintaining audit log integrity and the retention of audit log history for at least 12 months. Additionally, the document describes automated mechanisms for audit log reviews and the deployment of change-detection mechanisms to alert personnel of unauthorized modifications to critical files. The guide emphasizes the need for a methodology to identify attack patterns and suspicious behavior, as well as the importance of reducing noise in alert systems to ensure effective monitoring and response to potential security incidents.