pci-dss
Safeguard articles tagged "pci-dss" — guides, analysis, and best practices for software supply chain and application security.
31 articles
What is Penetration Testing
Penetration testing simulates real attacks to prove exploitability, not just list CVEs. Here's how it works, what it costs, and how often it's required.
Report on Compliance (ROC) vs Self-Assessment Questionnai...
PCI DSS ROC vs SAQ explained, and why v4.0.1's software inventory and anti-skimming rules demand supply chain evidence GRC tools like Vanta weren't built to generate.
Merchant and service provider definitions under PCI DSS
PCI DSS treats merchants and service providers differently under Requirements 6 and 12.8. Here's how Safeguard's supply chain focus compares to Vanta's compliance automation.
Retail POS Supply Chain Security in 2026
Retail point-of-sale environments combine PCI scope, vendor-managed software, and thousands of physical endpoints. Here is the 2026 supply chain baseline that actually works at scale.
Fintech Software Supply Chain Realities in 2026
Fintechs ship fast and run on a thick layer of open source. Here is what the 2026 supply chain threat landscape looks like for a modern payments or lending platform, and the controls that actually scale.
What is a Security Policy
A security policy is the documented, executive-approved rulebook auditors test against — here's what belongs in one, how often to review it, and what breaks when it isn't enforced.
PCI DSS 4.0 Supply Chain Requirements in 2026
The PCI DSS 4.0 future-dated requirements became mandatory on March 31, 2025. The supply chain expectations are the ones most QSAs are now testing in detail.
PCI DSS software composition analysis requirements for pa...
What PCI DSS 4.0.1 actually requires for tracking third-party and open-source code in payment software, and how SBOMs and SCA tooling satisfy it.
Securing the retail point-of-sale (POS) software supply c...
BlackPOS hit 40M Target cards in 2013. See how retail POS software supply chain security stops firmware tampering, malware, and vendor risk today.
Insecure Default Configurations in Applications and Frame...
Insecure default configurations caused the 2016 MongoDB ransom wave, the 2018 Tesla Kubernetes breach, and countless audit failures. Here's why defaults stay dangerous and how to fix it.
PCI DSS Meets SBOM Requirements
PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.
Retail POS Supply Chain Security
Practical controls and standards shaping point-of-sale software supply chains, from PCI DSS 4.0 to PA-DSS successors and retailer-specific frameworks.