Most often, organizations encounter problems when trying to achieve PCI compliance manually. It is no small effort to do what is required in the twelve sections of the PCI Spec. Often, once they achieve or get near their desired goal, which would be to pass PCI audits or get to a compliant state, their systems began to degrade, because it was a one-time event and it's very difficult for them to maintain that compliant status.

Read this whitepaper to understand:

• what file integrity monitoring really means and why simple detection of change is not enough to get and stay compliant for PCI DSS
• why it's so important to stay compliant, not just to achieve compliance, and the risks of not understanding the difference between the two for managing daily change