I cannot provide a link to other definitive sources and this seems to be somewhat of a grey area. I could be wrong but PCI scans seem to be somewhat of an Art & Science. Some report problems that others do not. Some will fail if an iFrame is used anywhere and some will fail if an iFrame is just used on the payment page.
I have taken the position that not using iFrames anywhere, is the way to go. It is my belief that AJAX will supersede iFrames and even though both have their problems, security and otherwise, the former is better than the latter.