1: Remove sensitive data and limit data retention.
2: Protect the networks.
3: Secure payment card software applications.
4: Monitor and control access to your systems.
5: Protect stored cardholder data.
6: Finalize remaining compliance efforts, and ensure controls are in place to meet the rest of the PCI DSS requirements.
Instead of regurgitating the dozen or so pages of itemized tasks, I thought it would be more useful to identify a set of specific tasks for small businesses to address, by category. Each task relates to one or more milestones in the Prioritized Approach and helps achieve one or more of the PCI DSS requirements.
Network and Device Low-Hanging Fruit