Environment
Security Manager 6.x
Change Guardian for Windows
Situation
How does NetIQ Security Manager satisfy PCI compliance Section 10.5.5?
PCI Compliance section 10.5.5: "Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts"
PCI Compliance section 10.5.5: "Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts"
Resolution
NetIQ Change Guardian for Windows (CGW) is a module add-in to the Security Manager application. CGW utilizes a file system filter driver (FSFD) to provide a safe, reliable and Microsoft-approved mechanism for detecting changes and activities across Windows systems. For specific log files, CGW provides real-time monitoring and notification of changes such as details of who created, accessed, moved, edited or deleted a file or directory, along with pre- and post-change information (including file size and access permissions). Notification is handled through Controllable alerting, allowing the definition of what changes will generate an alert, along with when, to where and how those alerts are delivered.
Additional Information
Formerly known as NETIQKB72876