Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA vs Tripwire in relation to PCI complaince

One of statements in PCI DSS is:

Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical

system or content files; and configure the software to perform critical file comparisons at least


Typically auditors wants to see a software like tripwire on the system to satisfy an item above.

Question: does/(will) CSA has the simular functionality to protect and report on critical and content files?


Re: CSA vs Tripwire in relation to PCI complaince

Never used Tripwire but I know you can configure CSA to monitor files and report back. You can get quite granular too.


New Member

Re: CSA vs Tripwire in relation to PCI complaince


CSA is Host-Based IDS/IPS while as Tripwire is a change management solution. This means, that CSA is not designed for monitoring changes in configuration files and is mainly designed for IDS/IPS purposes. Moreover, CSA is only limited to host protection and cannot be deployed on network devices, while Tripwire can monitor changes on both hosts and netwrok devices.



Cisco Employee

Re: CSA vs Tripwire in relation to PCI complaince

CSA is more than just a host-based IDS/IPS. Because it is a behavioral-based and can be centrally tuned to the specific requirements of the systems it is deployed, it can effectly monitor file integrity.

In the PCI Solution for Retail, CSA was installed on all of the central application servers and the In-Store POS servers. Cybertrust found it to be an effective solution that met the Host IDS and Host Application Firewall elements of the PCI DSS 1.1 guidelines.