I'd vote yes:
"Appendix says: As referenced in Requirement 12.8, all service providers with access to cardholder data (including hosting providers) must adhere to the PCI DSS. 12.8: 12.8 If cardholder data is shared with service providers, then contractually the following is required: 12.8.1 Service providers must adhere to the PCI DSS requirements 12.8.2 Agreement that includes an acknowledgement that the service provider is responsible for the security of cardholder data the provider possesses." If the monitoring of the IDS provide access to cardholder or transaction data, they must also be compliant. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
