Looks like its now required for everyone. I use PayPal web payments pro for the most part and they offer a free PCI compliance monitor through ScanAlert and that seemed to work for our checks.

Only thing that caught me off guard was how specific they are into version signatures and we actually had to upgrade our OS (centos) to get get supported packages. (mainly openssl vulnerabilities). Does redhat not have any vendors seeking PCI compliance or is it "your own your own"?

I was told they down port security patches and create their own minor version revisions but that does absolutely no good through 3rd party audits.