Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

252 articles

Compliance

The 2026 SBOM compliance guide: where a software bill of materials is now required

SBOM requirements have spread from a single US executive order to regulations across sectors and continents. Here's a framework-by-framework map of where you need one in 2026.

Jul 8, 20265 min read
Compliance

CCPA and CPRA for Developers: What the Code Actually Has to Do

California's privacy laws are usually framed as a legal problem, but honoring opt-outs, deleting data, and maintaining reasonable security are engineering problems. Here's the developer's view of CCPA and CPRA.

Jul 8, 20266 min read
Compliance

DORA compliance for financial services: the software supply chain angle

The Digital Operational Resilience Act is now in force across EU financial services. Here's how its five pillars reach into your software supply chain and ICT third parties.

Jul 8, 20265 min read
Compliance

ISO 27001 application security: the Annex A controls that govern your code

ISO/IEC 27001:2022 added and sharpened Annex A controls for secure development and technical vulnerabilities. Here's how they apply to application and supply chain security.

Jul 7, 20265 min read
Compliance

SOX Compliance for Software: IT General Controls and the Supply Chain

Sarbanes-Oxley is a financial-reporting law, but it reaches deep into the software that produces the numbers. Here's how IT general controls, change management, and dependency integrity fit under SOX.

Jul 7, 20266 min read
Compliance

SOC 2 and software supply chain security: mapping the Trust Services Criteria

SOC 2 never says the words 'software bill of materials,' but auditors increasingly expect supply-chain evidence. Here's how the Trust Services Criteria map to your dependencies.

Jul 6, 20265 min read
Compliance

ISO 27001 vs SOC 2: Which Certification Matters More

ISO 27001 and SOC 2 answer different questions. Here's how to read both when vetting supply chain security vendors like Snyk and Safeguard.

Jul 6, 20269 min read
Compliance

The FedRAMP Authorization Guide: Paths, Baselines, and Continuous Monitoring

FedRAMP is how cloud products earn the right to sell to U.S. federal agencies. Here's how the authorization paths work, what the NIST 800-53 baselines require, and where your software supply chain gets scrutinized.

Jul 5, 20266 min read
Compliance

The NIST Secure Software Development Framework (SSDF), explained

NIST SP 800-218 is the framework behind federal secure-development attestations. Here's what its four practice groups ask of you and how to produce the evidence.

Jul 5, 20265 min read
Compliance

The HIPAA Security Rule for Software Teams: Safeguards, Structure, and Change Ahead

The HIPAA Security Rule is technology-neutral by design, but its administrative, physical, and technical safeguards translate into concrete engineering work. Here's how the rule is structured and how a proposed 2025 overhaul could tighten it.

Jul 4, 20266 min read
Compliance

SBOMs and Executive Order 14028: how a 2021 order reshaped software supply chain policy

Executive Order 14028 made the software bill of materials a matter of federal policy. Here's the story of how it happened, what it requires, and what it means for you in 2026.

Jul 4, 20265 min read
Compliance

CMMC 2.0 Explained: What Defense Contractors and Their Software Must Do

CMMC 2.0 turns NIST SP 800-171 into a certification requirement for the defense supply chain. Here's how the three levels work, who assesses them, and where your software components fit.

Jul 3, 20266 min read
Compliance — Supply Chain Security Blog | Safeguard