The RSI security blog breaks down the steps in some depth, but in essence the method goes like this: PCI compliance is divided into 4 levels, based on the annual number of credit or debit card transactions a company processes. The classification level determines what an enterprise must do. https://www.nathanlabsadvisory.com/blog/nathan/secure-federal-contracts-with-fisma-compliance/