Re: PCI/DSS compliant Managed IDS



I'd vote yes:

"Appendix says:
As referenced in Requirement 12.8, all service providers with access to cardholder data (including hosting
providers) must adhere to the PCI DSS.

12.8:
12.8 If cardholder data is shared with service providers, then contractually the following is required:
12.8.1 Service providers must adhere to the PCI DSS requirements
12.8.2 Agreement that includes an acknowledgement that the service provider is responsible for
the security of cardholder data the provider possesses."

If the monitoring of the IDS provide access to cardholder or transaction data, they must also be compliant.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------