
Qualys
File Integrity Monitoring Coverage for PCI DSS 4.0
Pages
6
Time to read
5 mins
Publication
Language
English

This document is a guide detailing the File Integrity Monitoring (FIM) coverage for PCI DSS 4.0 requirements. It outlines how Qualys FIM meets specific PCI DSS requirements related to audit logs and change detection mechanisms. The guide describes the functionalities of Qualys FIM, such as real-time monitoring of critical system components, capturing user access details, and generating alerts for unauthorized changes. It explains the importance of retaining audit log history for at least 12 months and ensuring that automated mechanisms are in place for audit log reviews. The document also emphasizes the need for monitoring changes in security settings of log files to avoid excessive notifications, thereby reducing noise in alerts. Additionally, it presents how Qualys FIM supports incident management and provides a library of critical file paths to streamline monitoring efforts. The guide serves as a comprehensive resource for understanding how to implement FIM in compliance with PCI DSS standards.