9: Attack detection
Control objective 9.1
The software detects and alerts upon detection of anomalous behavior, such as changes in post-deployment configurations or obvious attack behavior.
The PCI Secure Software Standard mandates that the integrity of certain files and critical datasets be verified. These files include software executable files and configuration files. The requirement supports secure operations and the detection of unauthorized changes. The integrity checks must be completed at least every 36 hours. To meet the standard, you must implement a third-party monitoring tool like Open Source Security (OSSEC). The tool helps validate integrity, protect cryptographic primitives, secure sensitive data, and ensure dataset integrity during updates. It supports a secure environment by promptly detecting unauthorized modifications. For more information, see Implementing integrity monitoring for critical files.
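The following added example (not part of the original page, and not OSSEC's own code) sketches the kind of check such a monitoring tool performs: it hashes files against a recorded baseline, reports modified, missing and added files, and raises an alert when the last completed check is older than the 36-hour limit. All function names, the sample file app.conf and its contents are hypothetical and constructed for illustration.

```python
import hashlib
import os
import pathlib
import tempfile
import time

MAX_INTERVAL_SECONDS = 36 * 3600  # the "at least every 36 hours" requirement

def sha256_file(path):
    """Hash a file in chunks so large executables are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file under root (by relative path) to its SHA-256 digest."""
    manifest = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(directory, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare(baseline, current):
    """Classify differences between the baseline and the current state."""
    changed = [p for p in baseline if p in current and baseline[p] != current[p]]
    missing = [p for p in baseline if p not in current]
    added = [p for p in current if p not in baseline]
    return {"modified": sorted(changed), "missing": sorted(missing), "added": sorted(added)}

def run_check(root, baseline, last_check_epoch, now=None):
    """One monitoring pass: integrity findings plus a missed-schedule flag."""
    now = time.time() if now is None else now
    findings = compare(baseline, build_manifest(root))
    findings["overdue"] = (now - last_check_epoch) > MAX_INTERVAL_SECONDS
    findings["alert"] = findings["overdue"] or any(
        findings[key] for key in ("modified", "missing", "added"))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        config = pathlib.Path(root, "app.conf")   # hypothetical config file
        config.write_text("debug=false\n")
        baseline = build_manifest(root)
        config.write_text("debug=true\n")         # simulated post-deployment change
        print(run_check(root, baseline, last_check_epoch=time.time()))
```

In a real deployment the baseline manifest must be stored where the monitored software cannot rewrite it, otherwise a change to the files can be hidden by a matching change to the baseline.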