"As part of this security effort, the Council maintains that adherence to and maintenance of the Payment Card Industry Data Security Standard (PCI DSS) is the best defense against data breaches."
What is this "adherence to the PCI DSS?
To look at the actual requirements and procedures you have to agree to their terms and conditions.
The standard says to maintain a vulnerability management program.
Among other items:
NIST SP800-115 is the sample standard for penetration testing methodologies.
Examine Security policies and procedures.
"Verify responsibility" is sprinkled in multiple times in the PCI DSS standard. Each person or team with responsibilities should be clearly aware of their responsibilities.
I know a "Guidance" that would make PCI DSS even stronger: Use an independent reviewer (second pair of eyes) such as Fixvirus.com