Requirement A.1: Shared hosting providers must protect the cardholder data environment
"A.1 Protect each entity’s (that is merchant, service provider, or other entity) hosted environment and data, per A.1.1 through A.1.4:
A.1.1 Ensure that each entity only runs processes that have access to that entity’s cardholder data environment."
A.1.2 Restrict each entity’s access and privileges to own cardholder data environment only.
A.1.3 Ensure logging and audit trails are enabled and unique to each entity’s cardholder data environment and consistent with PCI DSS Requirement 10.
A.1.4 Enable processes to provide for timely forensic investigation in the event of a compromise to any hosted merchant or service provider.