11.6 Unauthorized changes on payment pages are detected and responded to.
This requirement focuses on detecting and responding to unauthorized changes on payment pages. It ensures that organizations implement change- and tamper-detection mechanisms to identify unauthorized modifications to payment pages as received by the consumer browser, helping to prevent e-commerce skimming attacks that could compromise cardholder data during online transactions.
Sub-requirements:
11.6. Change- and tamper-detection mechanisms are deployed to alert personnel to unauthorized modifications.
Ensure that file integrity monitoring (FIM) or similar mechanisms are used to detect and alert on unauthorized changes to critical files.
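As an added example (not from the PCI DSS text or any vendor product), the core of a payment-page tamper check of the kind 11.6 asks for: every script on the page as received by the browser is compared against an approved baseline of Subresource Integrity (SRI) hashes, and any script that is unapproved, altered, or not verifiable is reported so personnel can be alerted. The paths, hosts, and script contents are constructed for the example.

```python
import base64
import hashlib
import re

# Minimal <script> parser; a real check would parse the page exactly as received.
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')

def sri_sha256(data: bytes) -> str:
    """Subresource Integrity (SRI) style digest: sha256-<base64>."""
    return "sha256-" + base64.b64encode(hashlib.sha256(data).digest()).decode()

def extract_scripts(html: str):
    """Yield (src, integrity, body) for every <script> element on the page."""
    for attrs, body in SCRIPT_RE.findall(html):
        a = dict(ATTR_RE.findall(attrs))
        yield a.get("src"), a.get("integrity"), body

def check_page(html: str, approved_external: dict, approved_inline: set) -> list:
    """One finding per script deviating from the baseline; [] means the page matches.
    approved_external: src -> expected SRI hash; approved_inline: SRI hashes of bodies."""
    findings = []
    for src, integrity, body in extract_scripts(html):
        if src is None:                            # inline script: hash its body
            digest = sri_sha256(body.strip().encode())
            if digest not in approved_inline:
                findings.append(f"unapproved inline script: {digest}")
        elif src not in approved_external:         # external script never approved
            findings.append(f"unapproved external script: {src}")
        elif integrity is None:                    # browser cannot verify the file
            findings.append(f"missing integrity attribute: {src}")
        elif integrity != approved_external[src]:  # approved src, changed content
            findings.append(f"integrity mismatch: {src}")
    return findings

# Constructed baseline and pages (hypothetical paths and hosts, not from the page).
CHECKOUT_JS = b"function pay() { /* approved checkout logic */ }"
INLINE_OK = "window.checkoutConfig = {currency: 'USD'};"
BASELINE_EXTERNAL = {"/static/checkout.js": sri_sha256(CHECKOUT_JS)}
BASELINE_INLINE = {sri_sha256(INLINE_OK.encode())}
APPROVED_PAGE = (
    '<html><body><script src="/static/checkout.js" '
    f'integrity="{BASELINE_EXTERNAL["/static/checkout.js"]}"></script>'
    f"<script>{INLINE_OK}</script></body></html>"
)
# The same page with two scripts that were never approved appended to it.
TAMPERED_PAGE = APPROVED_PAGE.replace(
    "</body>", '<script src="https://cdn.example.invalid/t.js"></script>'
    "<script>// content not in the baseline</script></body>")
```

Running `check_page` on the received page at a regular interval, and routing any non-empty result into the alerting and incident response process, is the operational part of the requirement that the hash comparison alone does not cover.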
Key Risks
Frequently Asked Questions
What is file integrity monitoring (FIM)?
FIM is a security control that detects and alerts on unauthorized changes to critical system files.
Where should FIM be deployed?
On all systems and files critical to the security of the cardholder data environment.
How are FIM alerts handled?
They are monitored, investigated, and responded to according to incident response procedures.
How often should FIM be reviewed?
Regularly, and after any significant changes to monitored systems.
What are the risks of not using FIM?
Unauthorized changes may go undetected, increasing the risk of compromise.
Common QSA Questions
Can you show evidence of FIM deployment and alerts?
Yes, we have deployment records and alert logs for all monitored systems.
How are FIM alerts monitored and responded to?
We use centralized monitoring tools and have incident response procedures in place.
How do you ensure FIM is not disabled or bypassed?
We regularly review FIM configurations and monitor for any signs of tampering or failure.