Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

254 articles

Compliance

ISO 27001 Annex A Controls That Touch Your Build Pipeline

ISO 27001:2022 has 93 Annex A controls, and about a dozen land squarely on CI/CD. Here's the control-by-control map from clause number to pipeline artifact.

Mar 20, 20246 min read
Compliance

CISA Secure Software Development Attestation: What Vendors Must Know

CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.

Mar 11, 20246 min read
Compliance

NIST Cybersecurity Framework 2.0: What Changed and Why It Matters

NIST CSF 2.0 introduces a new Govern function and expands supply chain risk management. Here's what security teams need to know.

Feb 26, 20246 min read
Compliance

What Is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework is a voluntary set of standards organized around five (now six) functions — here's what it actually is and how organizations use it.

Feb 20, 20244 min read
Compliance

NYDFS Cybersecurity Regulation: Software Security Requirements for Financial Firms

New York's DFS cybersecurity regulation sets a high bar for financial institutions. Here's how the 2023 amendments affect software supply chain practices.

Feb 18, 20245 min read
Compliance

Supply Chain Incident Notification Laws: A Global Overview

Governments worldwide are mandating supply chain incident disclosure. Here is what organizations need to know about notification requirements across major jurisdictions.

Feb 18, 20246 min read
Compliance

Compliance as Code: Implementation Guide for Security Teams

Compliance as code transforms audit requirements into automated checks. This guide covers frameworks, tooling, and practical implementation for security teams.

Feb 12, 20248 min read
Compliance

South Korea's Cybersecurity Regulations and Software Supply Chain Requirements

South Korea is strengthening cybersecurity regulations with new supply chain security frameworks. Here's the landscape for software vendors.

Feb 5, 20246 min read
Compliance

SBOMs for Defense Contractors: Aligning with CMMC and DoD Requirements

Defense contractors face unique SBOM challenges. This guide covers CMMC alignment, DFARS clauses, and practical steps to meet DoD software supply chain requirements.

Jan 28, 20246 min read
Compliance

SEC Cyber Disclosure Rules: What Public Companies Must Do Now

The SEC's new cybersecurity disclosure rules require public companies to report material incidents within four days. Here's the operational impact.

Dec 15, 20236 min read
Compliance

Singapore's Cybersecurity Act and Software Supply Chain Obligations

Singapore's regulatory approach to cybersecurity is maturing fast, with supply chain security becoming a central pillar. Here's what's changing.

Nov 10, 20235 min read
Compliance

CMMC 2.0 and Software Supply Chain Security: A Practical Guide

CMMC 2.0 is reshaping defense contracting requirements. Here's how software supply chain security maps to the new maturity model.

Nov 5, 20236 min read
Compliance (Page 20) — Supply Chain Security Blog | Safeguard