top of page
< Back

11.5 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID

PCI DSS

(v3.2.1)

11.5

Requirement 11: Regularly test security systems and processes

(v3.2.1)

Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

Note: For change-detection purposes, critical files are usually those that do not regularly change, but the modification of which could indicate a system compromise or risk of compromise. Change-detection mechanisms such as file-integrity monitoring products usually come pre-configured with critical files for the related operating system. Other critical files, such as those for custom applications, must be evaluated and defined by the entity (that is, the merchant or service provider).

bottom of page