The Payment Card Industry Data Secrity Standard, or PCI DSS, 3.1, requirement 10.5.5 states: “Use file integrity monitoring (FIM) to secure audit trails.” This is not so easily done in a z/OS environment since all FIM solutions are Windows- and UNIX-based.
But much like Windows and UNIX, a mainframe does have a secure state of its operating system when it is initially installed. This initial program load or IPL, can be "watched" for changes to its secure state that can indicate malicious activity by a user. There are other event sources you can monitor for ensuring the secure state of your IPL and other mainframe data, and we give you several of them in this highly-informative mainframe file integrity monitoring or MFIM whitepaper.
How to download the CorreLog MFIM whitepaper?