Thanks zencoder,

From the required software tools perspective what i could articulate from some of the discussions in the pcifile forums is that we must have some basic tools like vulnerability scanner (like nessus, eEye, scanfi, etc...), log forensics tools (like netforensics, fwanalyzer, loglogic, ...), remediation tools (like patchquest, shavlik..) etc. with good reporting would go a long way in assisting us during our audits...oops..assessment . But of course, as mentioned there is no "single size fits all" solution to PCI

Guess i will recommend some of the thoughts from the discussions at these forums to my organization!