Saturday, January 10, 2009

PCI Compliance for Level 3 Vendor

I'm a level 3 vendor (20K-1M online transactions, none stored).

The requirements for me are, I think:

1. Filling out and sending to my bank a PCI Self-Assessment Questionnaire.
2. A quarterly scan by an approved vendor. Here is a partial list of vendors:

Mcafeesecure.com - 807 322-9965
ControlScan.com
SecurityMetrics.com

3. Ensuring your gateway provider is PCI DSS compliant. Here is where it's a little gray for me. My vendor is not on the list, but he has submitted a letter to me showing that he is compliant under an arrangement with another company. If I wanted the validity of that reviewed, who would I check with? Am I being too nerdy in wanting to check?