Safeguard
Tag

pci-dss

Safeguard articles tagged "pci-dss" — guides, analysis, and best practices for software supply chain and application security.

31 articles

Application Security

What is Penetration Testing

Penetration testing simulates real attacks to prove exploitability, not just list CVEs. Here's how it works, what it costs, and how often it's required.

Apr 13, 20268 min read
Regulatory Compliance

Report on Compliance (ROC) vs Self-Assessment Questionnai...

PCI DSS ROC vs SAQ explained, and why v4.0.1's software inventory and anti-skimming rules demand supply chain evidence GRC tools like Vanta weren't built to generate.

Mar 22, 20268 min read
Regulatory Compliance

Merchant and service provider definitions under PCI DSS

PCI DSS treats merchants and service providers differently under Requirements 6 and 12.8. Here's how Safeguard's supply chain focus compares to Vanta's compliance automation.

Mar 21, 20268 min read
Industry Analysis

Retail POS Supply Chain Security in 2026

Retail point-of-sale environments combine PCI scope, vendor-managed software, and thousands of physical endpoints. Here is the 2026 supply chain baseline that actually works at scale.

Mar 20, 20266 min read
Software Supply Chain Security

Fintech Software Supply Chain Realities in 2026

Fintechs ship fast and run on a thick layer of open source. Here is what the 2026 supply chain threat landscape looks like for a modern payments or lending platform, and the controls that actually scale.

Mar 4, 20266 min read
Compliance

What is a Security Policy

A security policy is the documented, executive-approved rulebook auditors test against — here's what belongs in one, how often to review it, and what breaks when it isn't enforced.

Feb 25, 20268 min read
Regulatory Compliance

PCI DSS 4.0 Supply Chain Requirements in 2026

The PCI DSS 4.0 future-dated requirements became mandatory on March 31, 2025. The supply chain expectations are the ones most QSAs are now testing in detail.

Feb 19, 20265 min read
Regulatory Compliance

PCI DSS software composition analysis requirements for pa...

What PCI DSS 4.0.1 actually requires for tracking third-party and open-source code in payment software, and how SBOMs and SCA tooling satisfy it.

Jan 5, 20267 min read
Software Supply Chain Security

Securing the retail point-of-sale (POS) software supply c...

BlackPOS hit 40M Target cards in 2013. See how retail POS software supply chain security stops firmware tampering, malware, and vendor risk today.

Dec 23, 20257 min read
Regulatory Compliance

Insecure Default Configurations in Applications and Frame...

Insecure default configurations caused the 2016 MongoDB ransom wave, the 2018 Tesla Kubernetes breach, and countless audit failures. Here's why defaults stay dangerous and how to fix it.

Oct 29, 20257 min read
Regulatory Compliance

PCI DSS Meets SBOM Requirements

PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.

Sep 14, 20246 min read
Best Practices

Retail POS Supply Chain Security

Practical controls and standards shaping point-of-sale software supply chains, from PCI DSS 4.0 to PA-DSS successors and retailer-specific frameworks.

Jun 30, 20247 min read
pci-dss (Page 2) — Safeguard Blog