it entirely depends on 2 things. 1. Is PCI data going to the 3rd party monitoring IDS/IPS?
2. Is there a way 3rd party can have access to PAN in the IDS/IPS logs? If answer is yes to this question , the machines accessing the IDS/IPS for monitoring purpose comes under the PCI scope. I would do following compensating controls for this. 1. Have separate link to the 3rd party monitoring the IPS. 2. Also make sure that they are coming through the firewall and firewall is allowing selected IP address to access the IDS/IPS. 3. IDS logs are encryted when stored on the disc. 4. 3rd party company should submit the background checks for the person monitoring the logs. 5. Finally SLA and NDA with the 3rd party confirming that the machine accessing the IDS/IPS is as per the standards provided by your company. (Standard document to be provided by us, which provides them list of available services, ports to be opened, registry settings, Account settings and other similar details. Hope this helps, Regards, Vijay Upadhyaya (TCPFIN) ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
