Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

254 articles

Compliance

CISA's Software Identification Ecosystem: What You Need to Know

CISA is building a comprehensive software identification ecosystem that ties SBOMs, vulnerabilities, and procurement together. Here is what it means for software producers and consumers.

Oct 10, 20256 min read
Compliance

CMMC 32 CFR Part 170: The Program Rule and the Four Phases

DoD's CMMC program rule became effective December 16, 2024 with a four-phase rollout running through November 2028. The companion DFARS rule landed September 10, 2025.

Sep 15, 20256 min read
Compliance

How Snyk's open-source license compliance engine classifi...

How Snyk's license compliance engine groups open-source licenses and maps them to low, medium, high, and critical severity levels.

Aug 25, 20257 min read
Compliance

NIST SSDF PW.4: Reusing Well-Secured Software, Explained

PW.4 is the SSDF practice that governs how you consume third-party and open-source components. Here is what its tasks actually ask for and how to satisfy them with evidence, not policy documents.

Aug 19, 20256 min read
Compliance

License Compliance Debt: The Quiet Risk Growing Alongside...

Open source license debt is compounding as fast as CVE backlogs, but has no CVSS score, no patch, and no dashboard — until an audit, M&A deal, or lawsuit forces the issue.

Aug 12, 20257 min read
Compliance

Compliance Reporting with Safeguard: From Raw Data to Audit-Ready Documents

How to use Safeguard's compliance reporting engine to generate audit-ready documentation for SOC 2, ISO 27001, NIST SSDF, and other frameworks without weeks of manual work.

Jul 8, 20256 min read
Compliance

NIS2 Directive: What EU Software Vendors Must Do Now

NIS2 is in force, transposition is late in half the EU, and the obligations bind anyway if you're in scope. The supply chain security and 24-hour reporting duties, decoded.

Jul 8, 20256 min read
Compliance

NIS2 in Italy: Legislative Decree 138/2024 and the Tiered Sanctions Regime

Italy's NIS2 transposition entered into force on 16 October 2024 via Decree 138/2024, with fines reaching 10 million EUR or 2% of global turnover for essential entities.

Jun 18, 20256 min read
Compliance

DORA Register of Information: Lessons From the First Submission

The 30 April 2025 ESA deadline forced banks and insurers to inventory every ICT contract against 105 prescribed data points — and exposed structural gaps in third-party data.

Jun 12, 20258 min read
Compliance

NIST 800-171 Rev. 3 and the DoD Class Deviation: Stuck on Rev. 2

NIST published 800-171 Rev. 3 on May 14, 2024. Twelve days earlier, DoD froze DFARS 7012 to Rev. 2 via Class Deviation 2024-O0013.

May 29, 20256 min read
Compliance

BSD 3-Clause License Explained

The BSD 3-clause license is one of the most permissive open source licenses in wide use — here's what its three conditions actually require and how it differs from MIT and Apache 2.0.

May 6, 20256 min read
Compliance

Software Transparency Goes Global: Regulatory Developments in 2025

From the EU Cyber Resilience Act to Japan's software security guidelines, governments worldwide are mandating software transparency. A comprehensive overview of the global regulatory landscape.

Apr 10, 20255 min read
Compliance (Page 18) — Supply Chain Security Blog | Safeguard