Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

254 articles

Compliance

CRA Conformity Assessment: Choosing Between Modules A, B+C, and H

The CRA offers three conformity routes: Module A self-assessment, Module B+C type examination plus production conformity, and Module H quality management system audit.

Apr 7, 20267 min read
Compliance

CISA KEV Catalog Growth Analysis 2025-2026

A data-grounded analysis of CISA Known Exploited Vulnerabilities catalog growth through 2025 and 2026, and the operational implications for defenders.

Apr 6, 20269 min read
Compliance

California SB-327 IoT Security Enforcement Update

A 2026 enforcement update on California SB-327, the IoT security statute that set a national precedent, and what manufacturers and integrators need to know.

Apr 2, 20269 min read
Compliance

How to lower FedRAMP certification costs

FedRAMP authorizations cost $250K-$3M and take 12-18 months. See where that spend actually goes, how Chainguard's hardened images fit in, and how to cut costs.

Apr 1, 20266 min read
Compliance

FedRAMP High: requirements and readiness

What FedRAMP High actually requires: 421 controls, 12-24 month timelines, and how supply chain security vendors like Chainguard and Safeguard measure up.

Apr 1, 20267 min read
Compliance

FedRAMP compliance checklist: steps, requirements, docume...

A concrete FedRAMP compliance checklist: steps, documentation, timelines, and how supply chain evidence like Chainguard images and Safeguard SBOMs fits in.

Apr 1, 20267 min read
Compliance

FedRAMP vulnerability scanning requirements explained

FedRAMP mandates monthly vulnerability scans and 30-day remediation windows. Here's what Rev 5 requires, and why minimal images like Chainguard's don't exempt you.

Apr 1, 20267 min read
Compliance

Simplify PCI DSS 4.0 compliance with hardened containers

PCI DSS 4.0's 30-day patch clock is brutal for container-heavy CDEs. Here's how hardened, minimal images cut CVE noise and make audits defensible.

Mar 31, 20268 min read
Compliance

White House M-22-18 SBOM Attestation Update

OMB M-22-18 and the CISA Secure Software Self-Attestation form continue to evolve. Here is what producers and federal buyers must change in 2026.

Mar 31, 20268 min read
Compliance

CMMC 2.0 compliance for containerized workloads

CMMC 2.0 enforcement is phasing in through 2028. Hardened container images help, but 35+ of 110 NIST 800-171 controls need continuous evidence Chainguard's approach doesn't cover.

Mar 31, 20268 min read
Compliance

SOC 2 and the hardened software supply chain

SOC 2 attests to internal controls, not to whether a hardened image or build pipeline is secure. Here is how Chainguard's approach fits, and what it does not cover.

Mar 31, 20268 min read
Compliance

India DPDP Act Software Security Implications 2026

A senior engineer's view of the Digital Personal Data Protection Act in 2026: security safeguards, significant data fiduciaries, breach notification, and software controls that actually comply.

Mar 26, 20268 min read
Compliance (Page 9) — Supply Chain Security Blog | Safeguard