11.5.1 Implement a process to respond to any alerts generated by the change- detection solution.
11.5.1 Interview personnel to verify that all alerts are investigated and resolved.
Change-detection solutions such as file-integrity monitoring (FIM) tools check for changes to critical files, and notify when such changes are detected.
If not implemented properly and the output of the change-detection solution monitored, a malicious individual could alter configuration file contents, operating system programs, or application executables. Unauthorized changes, if undetected, could render existing security controls ineffective and/or result in cardholder data being stolen with no perceptible impact to normal processing.