Is there anything in PCI DSS that covers the following procedure. I assume its common for IT departments to determine a baseline security minimum standard for each system type/role. I.e. for laptop computers, I assume your security baseline would say laptop machines must have full disc encryption. But does PCI DSS (or any of these standards) recommend pro-active verifacation and monitoring that all your machines actually do have full disc encryption? If so could you point me in the direction of the section in PCI DSS that goes over this? I had a quick scan through but couldnt see to much in that area.