Responding to Alerts
PCI Requirement 11.5.1 works in tandem with PCI Requirement 11.5. When your change-detection mechanism gives you an alert, you must have a process in place to respond to it. PCI Requirement 11.5.1 states, “Implement a process to respond to any alerts generated by the change-detection solution.”
During the assessment process, your staff will be interviewed to ensure that all alerts are investigated and resolved.
Keep in mind that your file monitoring system needs to be run weekly. Whenever your file integrity monitoring system generates an alert, or an event is created as part of that system, it needs to generate some type of log. Your staff then need to react appropriately to that particular event.