Safeguard
Topic

Regulatory Compliance

In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.

138 articles

Regulatory Compliance

NYDFS 500 Meets SBOM Requirements

23 NYCRR Part 500 was amended in 2023 with stronger third-party and vulnerability management language. For covered financial entities, SBOM practice has quietly become a compliance expectation.

Nov 25, 20247 min read
Regulatory Compliance

NIST CSF 2.0 Rollout: Field Observations

NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.

Nov 22, 20246 min read
Regulatory Compliance

Automotive ISO/SAE 21434: Supply Chain Implications

ISO/SAE 21434 makes cybersecurity a type-approval requirement. Here is how the standard reshapes OEM and tier-N software supply chain obligations.

Nov 18, 20247 min read
Regulatory Compliance

FedRAMP Meets STIG: Practical Mapping

FedRAMP wants NIST 800-53 Rev 5 controls. DISA STIGs want hardening settings. The mapping between them is what determines whether your authorization package actually clears review.

Oct 18, 20246 min read
Regulatory Compliance

State and Local Government SBOM Mandates

States and cities are adopting SBOM requirements faster than most vendors have noticed. A survey of where the mandates sit and what they actually require.

Oct 15, 20247 min read
Regulatory Compliance

Public-Sector Software Procurement Requirements

A tour through the attestations, self-certifications, and supply chain obligations that now shape how governments buy software.

Sep 18, 20247 min read
Regulatory Compliance

PCI DSS Meets SBOM Requirements

PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.

Sep 14, 20246 min read
Regulatory Compliance

Healthtech FDA Software Supply Chain Guidance

The FDA's cybersecurity guidance has quietly turned into one of the most consequential supply chain regulations in US software. A walkthrough for engineering teams shipping connected medical products.

Sep 12, 20247 min read
Regulatory Compliance

CCPA Meets Software Supply Chain

CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.

Aug 28, 20247 min read
Regulatory Compliance

UK NCSC Software Supply Chain Guidance Update

The UK NCSC expanded its supply chain guidance in 2023-2024, aligning with the Cyber Security and Resilience Bill and pushing SBOMs, vendor assurance, and provenance controls.

Aug 26, 20245 min read
Regulatory Compliance

Telemedicine Supply Chain Privacy and Security

Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.

Aug 20, 20247 min read
Regulatory Compliance

Aviation RTCA DO-326A and the Software Supply Chain

How DO-326A and DO-356A reframe airworthiness security around the supply chain, and what engineering teams must deliver to survive certification.

Aug 8, 20247 min read
Regulatory Compliance (Page 10) — Supply Chain Security Blog | Safeguard