IDS mailing list archives

Re: PCI/DSS compliant Managed IDS


From: vijay.upadhyaya () gmail com
Date: 24 Aug 2007 07:43:25 -0000

It entirely depends on 2 things.
1. Is PCI data going to the 3rd party monitoring the IDS/IPS?
2. Is there a way the 3rd party can have access to PAN in the IDS/IPS logs?

If the answer is yes to this question, the machines accessing the IDS/IPS for monitoring purposes come under the PCI scope.

I would do the following compensating controls for this.
1. Have a separate link to the 3rd party monitoring the IPS.
2. Also make sure that they are coming through the firewall and the firewall is allowing only selected IP addresses to access the IDS/IPS.
3. IDS logs are encrypted when stored on the disk.
4. The 3rd party company should submit the background checks for the person monitoring the logs.
5. Finally, an SLA and NDA with the 3rd party confirming that the machine accessing the IDS/IPS is as per the standards provided by your company.
(Standard document to be provided by us, which provides them a list of available services, ports to be opened, registry settings, account settings and other similar details.)

Hope this helps, 
Regards, 
Vijay Upadhyaya (TCPFIN)
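
Added example, not part of the original post: one way to answer question 2 above is to scan an export of the IDS/IPS alert log for digit runs that look like a PAN and pass the Luhn check. The log format, the sample lines (which use well-known test card numbers) and the function names are constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (IDs, counters)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep first six and last four digits so the report itself holds no PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(line):
    """Return masked forms of every Luhn-valid PAN candidate in one log line."""
    hits = []
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def scan(lines):
    """Map 1-based line number -> masked PANs for lines with a likely PAN."""
    report = {}
    for n, line in enumerate(lines, 1):
        hits = find_pans(line)
        if hits:
            report[n] = hits
    return report

# Constructed sample alert lines (not from a real sensor).
SAMPLE_LOG = [
    '08/24-07:43:25.101 [**] [1:1000001:1] test alert [**] {TCP} 10.0.0.5:40222 -> 10.0.1.20:443',
    '08/24-07:43:26.210 payload="POST /pay card=4111111111111111&exp=0909"',
    '08/24-07:43:27.005 session=4111111111111112 action=drop',
    '08/24-07:43:28.870 payload="pan: 5500-0000-0000-0004 name=TEST"',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(f"line {n}: possible PAN in log: {', '.join(hits)}")
```

A hit is a candidate to review, not proof, and a clean result on one export does not show that payload capture never records a PAN.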


