Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

254 articles

Compliance

What is a Security Policy

A security policy is the documented, executive-approved rulebook auditors test against — here's what belongs in one, how often to review it, and what breaks when it isn't enforced.

Feb 25, 20268 min read
Compliance

DORA for Financial Services Software Supply Chain

How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.

Feb 25, 20266 min read
Compliance

What is a Security Risk Assessment

A security risk assessment ranks real business risk, not raw CVE counts. Here's what it involves, how often it's required, and how it differs from scanning.

Feb 25, 20266 min read
Compliance

What is Compliance Automation

Compliance automation replaces manual audit evidence with continuous, API-driven monitoring — here's how it works, which frameworks it covers, and why supply chain evidence changes the equation.

Feb 25, 20267 min read
Compliance

What is the OWASP Software Assurance Maturity Model (SAMM)

A concrete breakdown of OWASP SAMM's 5 functions, 15 practices, and 30 streams, how its maturity levels work, and how it compares to BSIMM.

Feb 25, 20267 min read
Compliance

SOC 2 Type II

What is SOC 2 Type II? A clear breakdown of the audit report, Trust Services Criteria, and how it differs from Type I — with real audit examples.

Feb 23, 20267 min read
Compliance

CIS Benchmarks

A precise definition of CIS Benchmarks, how they differ from CIS Controls, and what compliance scanning against them looks like in real environments.

Feb 23, 20267 min read
Compliance

Federal Software Procurement and SBOM Requirements: A Vendor's Playbook

If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.

Feb 22, 20266 min read
Compliance

Cloud Security Compliance: Mapping Controls to Frameworks

Chasing SOC 2, ISO 27001, and PCI DSS as separate projects triples your audit workload. Build one control set, map it to every framework, and collect evidence once.

Feb 18, 20267 min read
Compliance

NIST SSDF Audit: What Auditors Actually Check

A practical walkthrough of what NIST Secure Software Development Framework audits look like in 2026, where evidence gaps show up, and how to prepare without burning out engineering.

Feb 18, 20266 min read
Compliance

EU Cyber Resilience Act: Your SBOM Obligations

The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.

Feb 12, 20266 min read
Compliance

How to configure AWS Config for continuous compliance mon...

A step-by-step guide to configure AWS Config compliance monitoring: rules setup, conformance packs, alerting, remediation, and multi-account aggregation.

Feb 12, 20268 min read
Compliance (Page 15) — Supply Chain Security Blog | Safeguard