I am looking for a list of recommended Security Audit policies for PCI DSS compliance that I can use as a starting point. I've looked for hours and read a lot, but have not found anything resembling a simple list. Can someone please point me in the right direction?
For background, our company operates stores that use a single Windows 7 SP1 "server" and multiple POS terminals in each store. There are no domains involved and the server and terminals are all part of a local WORKGROUP. We are not required to audit on the terminals - just the Windows 7 SP1 "server".
I have downloaded Microsoft Security Compliance Manager 4.0 and will install that in one store after hours, and that may help me develop policies. But I would sure appreciate seeing a list beforehand.
Thanks in advance!
Ken Morley