I made an interesting observation today that seems to have gone under the radar regarding file integrity monitoring and the Data Security Standards. There is a change to requirement 11.5.
In DSS 1.0 the requirement for file integrity solutions was such that critical file comparisons had to be done "daily".
In DSS 1.1 this was changed to "weekly".
This makes more sense, as it has always been a sticking point when it came to real-world practicality. In essence, it allows merchants and service providers to have a scheduled process that can accommodate a lot more of the network-centric solutions in the marketplace that rely on scheduling rather than an automated, agent-driven solution like Tripwire. Agents are tough to deploy in large distributed environments and tend to have a lot higher TCO (total cost of ownership). I assume this change was made since many PCI assessments had to compensate for their lack of daily file integrity reviews.
- Ray Zadjmool QSA