CSA vs Tripwire in relation to PCI compliance

Mar 9th, 2007

One of the statements in PCI DSS is:

Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files; and configure the software to perform critical file comparisons at least


Typically, auditors want to see software like Tripwire on the system to satisfy the item above.

Question: does (or will) CSA have similar functionality to protect and report on critical and content files?

tsteger1 Fri, 03/09/2007 - 08:03

Never used Tripwire but I know you can configure CSA to monitor files and report back. You can get quite granular too.


haithamnofal Thu, 04/19/2007 - 01:56


CSA is a host-based IDS/IPS, whereas Tripwire is a change management solution. This means that CSA is not designed for monitoring changes in configuration files and is mainly designed for IDS/IPS purposes. Moreover, CSA is limited to host protection and cannot be deployed on network devices, while Tripwire can monitor changes on both hosts and network devices.



paujones (Cisco Employee) Thu, 04/19/2007 - 21:32

CSA is more than just a host-based IDS/IPS. Because it is behavior-based and can be centrally tuned to the specific requirements of the systems on which it is deployed, it can effectively monitor file integrity.

In the PCI Solution for Retail, CSA was installed on all of the central application servers and the In-Store POS servers. Cybertrust found it to be an effective solution that met the Host IDS and Host Application Firewall elements of the PCI DSS 1.1 guidelines.

