Re: PCI compliance
Critical patches within one month, everything else within an "appropriate time frame" (e.g. 3 months) - isn't that what PCI's documents and training courses state ?
Of course, Microsoft had to make that so much more difficult by bundling up patches and making it harder to apply/test just the critical ones.