[PCI-DSS] 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.
[ul]
[li] 2.2.a Examine the organization’s system configuration standards for all types of system components and verify the system configuration standards are consistent with industry-accepted hardening standards–for example, SysAdmin Audit Network Security (SANS), National Institute of Standards Technology (NIST), and Center for Internet Security (CIS).[/li]
[li] 2.2.b Verify that system configuration standards include each item below (at 2.2.1 - 2.2.4).[/li]
[li] 2.2.c Verify that system configuration standards are applied when new systems are configured.[/li]
[/ul]
I am new to PCI DSS and this forum. Please bear with me.
Where can I find detailed action items for 2.2 compliance? My requirement is for network devices, Windows servers, and desktops (Windows XP, Mac OS). As I understand it, this is the BASELINE CONFIGURATION that we want to achieve.