Case Study: Streamlining PCI/DSS Compliance for a Major Airline
Achieving and maintaining PCI/DSS compliance can be a daunting challenge, especially for organizations handling large volumes of sensitive financial data. This case study highlights how a major airline leveraged MainTegrity FIM+ to meet compliance requirements, reduce labor costs, and improve reporting accuracy.
The Challenge: Meeting PCI/DSS Compliance
A major outsourcer for a large airline was tasked with meeting PCI/DSS requirements 10.5 (File Integrity Monitoring) and 11.5 (Log Monitoring). The existing process relied heavily on manual compensating controls, which were time-consuming and labor-intensive. With the introduction of PCI/DSS Version 4, stricter guidelines for compensating controls necessitated a transition to real file integrity monitoring.
The Solution: MainTegrity FIM+
MainTegrity FIM+ provided the airline with a robust, automated solution to achieve compliance while enhancing mainframe security. Key capabilities of FIM+ include:
- Comprehensive File Integrity Monitoring: Detects unauthorized changes at the member and dataset level across z/OS and USS file systems.
- Automated Compliance Reporting: Generates weekly PCI/DSS reports, detailing scan results, systems covered, and detected changes.
- Real-Time Alerts and Forensics: Offers rapid incident response with advanced forensic tools to investigate and resolve change incidents efficiently.
These features ensured seamless integration into the airline’s existing systems while dramatically reducing manual effort.
The Results
Effort Savings
By deploying FIM+, the outsourcer reduced labor by one full-time equivalent (FTE) while improving detection accuracy. Automated reporting eliminated manual processes, ensuring consistent delivery of PCI/DSS compliance data.
Enhanced Reporting
FIM+ provided automated reports that included:
- Scan dates and times.
- Systems and application components reviewed.
- Detected changes (or confirmations of no changes).
These reports were automatically emailed to the PCI Compliance Officer, ensuring timely and accurate compliance documentation.
Faster Resolution Times
The forensic capabilities of FIM+ allowed for rapid investigation and resolution of detected incidents, minimizing disruption and improving compliance audit scores.
Broader Implications for Compliance and Security
Addressing Cyber Resiliency Guidelines
The need for faster recovery and operational resumption, as outlined in global Cyber Resiliency Guidelines, underscores the importance of tools like FIM+. By automating integrity monitoring, access control, and reporting, FIM+ helps organizations meet stringent regulatory standards enforced by bodies such as the SEC (USA), OSC (Canada), and FCA (UK).
Labor and Cost Savings
With FIM+, organizations can:
- Automate report generation for standards like PCI, SOX, and cyber resiliency.
- Reduce or eliminate manual reporting tasks, saving time and reducing errors.
- Enable auditors to be more self-sufficient, further reducing costs and time associated with audits.
Why Choose MainTegrity FIM+?
For organizations striving to meet PCI/DSS compliance and improve mainframe security, MainTegrity FIM+ delivers unmatched benefits:
- Real-Time Monitoring: Immediate detection of unauthorized changes.
- Streamlined Reporting: Effortless creation of audit-ready compliance reports.
- Faster Recovery: Tools to investigate, resolve, and recover from incidents efficiently.
- Enhanced Accuracy: Reduces false positives and ensures precise compliance data.
Learn More
Discover how MainTegrity FIM+ can help your organization achieve compliance and improve security.