Hello, I am confused by the question itself. What type of report do you have to run, and what is the purpose of the report, such as audit-readiness, or internal evidence for PCI compliance? PCI has been built on 12 requirement blocks, and Control Compliance Suite (CCS) Standards Module can just help on a few of them. I.e. the asset system within CCS is designed to allow you to organize your environment so you can take a risk-based approach to maintain PCI, in particular requirement 6.1. Standards Manager itself will help you with requirement 2.2 (Develop configuration standards for all system components). Standards module contains the PCI DSS 1.2 Standard using CIS best practices, which can be customised to meet your organisations needs. The built in entitlement module can help with PCI requirement 7.
There are much more requirements in PCI, i.e. 6.2, which is covered by CCS Vulnerability Manager, or requirement 12, which is covered by CCS Policy Manager. Many PCI requirements are not covered by technical controls. They require human attestation, which are usually questionnaire-base. CCS Response Assement Module comes with PCI DSS 1.1 and 1.2 questionnaire templates ready to use but also customisable.
Regarding the version, CCS 8.6 is still supported and includes PCI DSS 1.2 updates. So you should see the standard in your CCS 8.6 standards module. The benefit of version 10 is the introduction of dynamic dashboarding, which gives you much better visual reporting capabilities, as well as the data evidence integration of third party solutions.
There is a very good whitepaper which will give you more details about the question which module in CCS covers what PCI requirement. Please download the whitepaper on
https://www4.symantec.com/Vrt/offer?a_id=78474.
Please don"t hesitate to contact me, so we can discuss your PCI requirements in details.