It didn't help my perception of the report when it screamed that "ICMP echo was enabled and nefarious scalawags might be able to do unspeakable acts against our computers, best cut the network cable" type of advice  (yes, I know port 443 is open! WE'RE A WEB HOSTING COMPANY SERVING UP COMMERCIAL WEBSITES! ARE YOU PCI AUDITORS STUPID?)
 Okay, the ICMP echo thing was reported, but did not need to be disabled to pass the audit. If so, why even bring it up?