InfoSec Myth Debunked:

The PCI DSS 3.1 FIM requirement 10.5.5 only applies to Windows/UNIX.

The Payment Card Industry Data Secrity Standard, or PCI DSS, 3.1, requirement 10.5.5 states: “Use file integrity monitoring (FIM) to secure audit trails.” This is not so easily done in a z/OS environment since all FIM solutions are Windows- and UNIX-based.

But much like Windows and UNIX, a mainframe does have a secure state of its operating system when it is initially installed. This initial program load or IPL, can be "watched" for changes to its secure state that can indicate malicious activity by a user. There are other event sources you can monitor for ensuring the secure state of your IPL and other mainframe data, and we give you several of them in this highly-informative mainframe file integrity monitoring or MFIM whitepaper. 

How to download the CorreLog MFIM whitepaper?

  1. Fill out the download form to the right. 
  2. Click "download" button.
  3. An inline link will appear that you can click to get the paper. 
  4. Save to your local drive and learn about MFIM. 

If you need further assistance or would like more information on CorreLog solutions, please click here. Visit the CorreLog website here. 

CorreLog MFIM Whitepaper Download