Security control that detects unauthorised changes to critical system files and configurations.
File Integrity Monitoring (FIM) tracks changes to critical files—operating system files, application configurations, and sensitive data. FIM creates a baseline of file characteristics (checksums, permissions, ownership) and alerts when changes occur. This detects malware that modifies system files, attackers installing backdoors, unauthorised configuration changes, and compliance violations. FIM is particularly important for servers running critical applications and is required by PCI DSS and recommended by most security frameworks.
Why It Matters
The DSC Perspective:
Attackers modify files to maintain access and cover their tracks. FIM catches these changes. It's specifically required by PCI DSS and valuable for any server handling sensitive data. Many EDR and SIEM solutions include FIM capabilities.