Compliance
In-depth guides and analysis on compliance from the Safeguard engineering team.
254 articles
ISO 27001 Annex A Controls That Touch Your Build Pipeline
ISO 27001:2022 has 93 Annex A controls, and about a dozen land squarely on CI/CD. Here's the control-by-control map from clause number to pipeline artifact.
CISA Secure Software Development Attestation: What Vendors Must Know
CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.
NIST Cybersecurity Framework 2.0: What Changed and Why It Matters
NIST CSF 2.0 introduces a new Govern function and expands supply chain risk management. Here's what security teams need to know.
What Is the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework is a voluntary set of standards organized around five (now six) functions — here's what it actually is and how organizations use it.
NYDFS Cybersecurity Regulation: Software Security Requirements for Financial Firms
New York's DFS cybersecurity regulation sets a high bar for financial institutions. Here's how the 2023 amendments affect software supply chain practices.
Supply Chain Incident Notification Laws: A Global Overview
Governments worldwide are mandating supply chain incident disclosure. Here is what organizations need to know about notification requirements across major jurisdictions.
Compliance as Code: Implementation Guide for Security Teams
Compliance as code transforms audit requirements into automated checks. This guide covers frameworks, tooling, and practical implementation for security teams.
South Korea's Cybersecurity Regulations and Software Supply Chain Requirements
South Korea is strengthening cybersecurity regulations with new supply chain security frameworks. Here's the landscape for software vendors.
SBOMs for Defense Contractors: Aligning with CMMC and DoD Requirements
Defense contractors face unique SBOM challenges. This guide covers CMMC alignment, DFARS clauses, and practical steps to meet DoD software supply chain requirements.
SEC Cyber Disclosure Rules: What Public Companies Must Do Now
The SEC's new cybersecurity disclosure rules require public companies to report material incidents within four days. Here's the operational impact.
Singapore's Cybersecurity Act and Software Supply Chain Obligations
Singapore's regulatory approach to cybersecurity is maturing fast, with supply chain security becoming a central pillar. Here's what's changing.
CMMC 2.0 and Software Supply Chain Security: A Practical Guide
CMMC 2.0 is reshaping defense contracting requirements. Here's how software supply chain security maps to the new maturity model.