Reddit mentions of Defensive Security Handbook: Best Practices for Securing Infrastructure

Here are a few books I recommend:

Blue Team Handbook


Defensive Security Handbook


The Practice of Network Security Monitoring


Crafting the Infosec Playbook


And don't forget the NIST Cyber Security Framework

Unsure if it meets your requirements exactly, but I liked this book:


Defensive Security Handbook

I have to recommend Amanda Berlin and Lee Brotherston's book : https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388

Look at the SANS website. They have some downloadable Word docs with basic questions. Other Google searches for 'audit' checklists will bring up some others.

From the audits that I've been part of, you need to focus on these key areas:

1. Servers - patching schedules, hardening processes, vulnerability scans (Nessus)
   
2. Files - security audits on who can access what, permissions reports on shared files, Where is the data stored?
   
3. Network - how locked down is the network and who can get on it? Do you have a separate Guest network?
   
4. Firewall - what type of policies do you have? Do you have IDS/IPS? What categories do you block?
   
5. Physical security - do you have door systems with locked-down access? Do you have security cameras? Do you have water sensors under the AC units?
   
6. Personnel - do you have security training? Are your users compliant with any standards (HIPAA, PCI, etc.)? Do you perform account audits, looking for old usernames or passwords that never expire?
   
7. In some cases, auditors look at individual departments to determine if their normal business practices put the entire business at risk.
   
   Also, take a look at this book. It helped me get a security program started, from the ground up. https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388/ref=sr_1_15?keywords=building+a+network+security&qid=1566233244&s=gateway&sr=8-15