IDS mailing list archives

Re: PCI/DSS compliant Managed IDS

From: ebk_lists () hotmail com
Date: 23 Aug 2007 17:07:28 -0000

I'd vote yes:

"Appendix says:
As referenced in Requirement 12.8, all service providers with access to cardholder data (including hosting
providers) must adhere to the PCI DSS.

12.8:
12.8 If cardholder data is shared with service providers, then contractually the following is required:
12.8.1 Service providers must adhere to the PCI DSS requirements
12.8.2 Agreement that includes an acknowledgement that the service provider is responsible for
the security of cardholder data the provider possesses."

If the monitoring of the IDS provide access to cardholder or transaction data, they must also be compliant.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

PCI/DSS compliant Managed IDS marino . zini (Aug 23)
- RE: PCI/DSS compliant Managed IDS Craig Wright (Aug 24)
  - RE: PCI/DSS compliant Managed IDS MH Michael Hammer (5304) (Aug 24)
- <Possible follow-ups>
- Re: PCI/DSS compliant Managed IDS ebk_lists (Aug 24)
  - RE: PCI/DSS compliant Managed IDS Craig Wright (Aug 24)
- Re: PCI/DSS compliant Managed IDS vijay . upadhyaya (Aug 24)