PCI DSS requirement is...have configuration standards that... must be consistent with industry-accepted hardening standards as defined, for example, by (SANS), (NIST), and (CIS)
(SMB, we haven't had to do this for any other regulatory compliance before.)
Types of tools I have been looking at are products that can scan a system and show what configuration changes need to made, (some can remedy some of the settings so the system is compliant).
So far I found NetIQ, Ionix (VMware) SCM, and Tripwire.
How are you going about or gone about solving this, making configuration changes that meet your compliance requirements, what products tools are you using if any?