Specifically, two sections of PCI address the need for file integrity monitoring software:
- 10.5.5: Use file integrity monitoring or change-detection software to ensure log data cannot be changed without the generation of an alert.
- 11.5: Deploy a change-detection monitoring (such as file integrity monitoring) to perform critical file comparisons at least once per week, and alert personnel to the unauthorized modification of critical system files, configuration files, or content files.
As the critical infrastructure preparedness guidelines of the North American Electric Reliability Corporation, NERC-CIP was established to ensure reliability in energy delivery.
File integrity monitoring is addressed in NERC-CIP 007, which seeks to manage system security by specifying select technical, operational, and procedural requirements.
Since 2002, the Federal Information Security Management Act (FISMA) has required federal agencies to implement programs agency-wide for infosec, and this includes government contractors. The security program must be reviewed annually and reported to the Federal Office of Management and Budget (OMB).
NIST 800-171 discusses the necessity of ensuring the integrity and availability of U.S. Federal Government Data via a comprehensive IT security program.
NIST 800-53 Revision 4 provides in-depth insight for agencies into responsibilities, risk management, and how to select security control baselines. However, the ultimate selection of specific controls falls within the hands of agencies, based on criteria outlined in NIST 800-53 Rev 4.
The Sarbanes-Oxley Act, also known as SOX, is a federal law setting accountability requirements for U.S. public company boards, management, and public accounting firms.
With 11 sections total in SOX, many organizations focus on Section 404, which is abbreviated as ICFR. This section requires reporting on the adequacy of internal control over financial reporting.
Similar to FISMA, SOX does not explicitly state the types of controls or methods organizations/businesses should use for compliance. Due to this, the COBIT framework was established for compliance.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses safeguards to ensure the “confidentiality, integrity, and availability of protected health information.”
An in-depth insight into how to achieve compliance with technical safeguards standards of HIPAA can be found in NIST Special Publication 800-66. A File integrity monitoring tool allows businesses/organizations to not only achieve but also maintain compliance with HIPAA best practices, including the continuous evaluation of access controls and data security.
The Gramm-Leach-Bliley Act (GLBA) of 2003 requires the disclosure of information sharing sharing practices and safeguarding of senstive data from institutions offering financial products or services
Per the GLBA Safeguards Rule text, elements of a security program should include:
- §314.4 -3: Detecting, preventing and responding to attacks, intrusions, or other systems failures.
- §314.4 (c) Design and implement information safeguards to control the risks you identify…or otherwise monitor.
File integrity monitoring fits into compliance with GLBA safeguards rule by providing a tool for monitoring configurations and host security, security assessment, and providing strong audit trails.
The General Data Protection Regulation (GDPR) applies to all companies processing the persona data of data subjects who reside within the EU. The GDPR protects the rights and freedom of data subjects which includes defining the process/steps data holders must take to protect data. File integrity Monitoring can be used to help compliance of the GDPR requirement of
- Article 25: Data Protection by Design and Default
- Article 32: Security fo processing
- Article 39: Tasks of the Data Protection officer(DPO)
- Article 57: Tasks
- Article 59: Activity Reports