Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

254 articles

Compliance

NIS2 in the Netherlands: Cyberbeveiligingswet Adoption in April 2026

The Dutch Parliament approved the Cyberbeveiligingswet on 15 April 2026, with target entry into force on 1 July 2026 — 21 months after the EU transposition deadline.

May 6, 20267 min read
Compliance

NYDFS Part 500: The November 2025 Deadlines, One Year On

The Second Amendment to NYDFS Part 500 added universal MFA and an asset inventory mandate on November 1, 2025. The April 2026 certification reveals where covered entities stand.

May 6, 20266 min read
Compliance

Does AI pentesting satisfy SOC 2, ISO 27001, HIPAA or PCI...

AI-powered pentesting promises fast compliance checkmarks, but SOC 2, ISO 27001, HIPAA, and PCI DSS 4.0 auditors require more than an automated scan report.

May 4, 20267 min read
Compliance

Aikido Trust Center walkthrough: certifications, pentesti...

A walkthrough of the Aikido Security trust center: what its SOC 2, ISO 27001, and annual pentest claims actually mean, and what's missing for a real vendor risk review.

May 2, 20266 min read
Compliance

CMMC 2.0 Phase Two: What November 10, 2026 Means for Contractors

CMMC Phase 1 began in November 2025. Phase 2 lands on November 10, 2026, requiring mandatory C3PAO Level 2 assessments. We unpack the contractor implications.

Apr 29, 20266 min read
Compliance

FedRAMP 20x Phase Two: What Moderate Pilots Are Teaching Us

FedRAMP 20x Phase Two is running Moderate-baseline pilots through Q2 2026. We walk through KSIs, machine-readable OSCAL, and the path to wide-scale adoption.

Apr 22, 20266 min read
Compliance

Cloud Security Standards & Frameworks (ISO/IEC, NIST, CIS)

ISO 27001:2022, NIST CSF 2.0, and CIS Benchmarks now expect software supply chain proof that cloud posture tools like Wiz can't provide alone. Here's what changed and why it matters.

Apr 19, 20268 min read
Compliance

TSA Surface Transportation Cyber NPRM: From Directives to Rule

TSA's November 2024 Enhancing Surface Cyber Risk Management NPRM would formalize what pipeline and rail SDs already require. Operators should prepare now.

Apr 15, 20266 min read
Compliance

DORA Compliance for Fintech Engineering Teams

DORA has applied since January 2025. For engineers that means ICT asset inventories, 4-hour incident classification, TLPT, and a register of every software supplier.

Apr 15, 20266 min read
Compliance

The EU Cyber Resilience Act Explained for Software Vendors

What the EU CRA actually requires from software vendors — SBOMs, vulnerability handling, CE marking, timelines through 2027, and penalties up to EUR 15M.

Apr 10, 20268 min read
Compliance

EU AI Act Enforcement Begins: 2026 Reality Check

A 2026 reality check on EU AI Act enforcement: which obligations are active, what regulators expect, and the technical evidence enterprises must produce.

Apr 10, 20269 min read
Compliance

Secure by Design Pledge: Reading the 2026 Progress Reports

More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.

Apr 8, 20266 min read
Compliance (Page 8) — Supply Chain Security Blog | Safeguard