Regulatory Compliance
In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.
138 articles
NYDFS 500 Meets SBOM Requirements
23 NYCRR Part 500 was amended in 2023 with stronger third-party and vulnerability management language. For covered financial entities, SBOM practice has quietly become a compliance expectation.
NIST CSF 2.0 Rollout: Field Observations
NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.
Automotive ISO/SAE 21434: Supply Chain Implications
ISO/SAE 21434 makes cybersecurity a type-approval requirement. Here is how the standard reshapes OEM and tier-N software supply chain obligations.
FedRAMP Meets STIG: Practical Mapping
FedRAMP wants NIST 800-53 Rev 5 controls. DISA STIGs want hardening settings. The mapping between them is what determines whether your authorization package actually clears review.
State and Local Government SBOM Mandates
States and cities are adopting SBOM requirements faster than most vendors have noticed. A survey of where the mandates sit and what they actually require.
Public-Sector Software Procurement Requirements
A tour through the attestations, self-certifications, and supply chain obligations that now shape how governments buy software.
PCI DSS Meets SBOM Requirements
PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.
Healthtech FDA Software Supply Chain Guidance
The FDA's cybersecurity guidance has quietly turned into one of the most consequential supply chain regulations in US software. A walkthrough for engineering teams shipping connected medical products.
CCPA Meets Software Supply Chain
CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.
UK NCSC Software Supply Chain Guidance Update
The UK NCSC expanded its supply chain guidance in 2023-2024, aligning with the Cyber Security and Resilience Bill and pushing SBOMs, vendor assurance, and provenance controls.
Telemedicine Supply Chain Privacy and Security
Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.
Aviation RTCA DO-326A and the Software Supply Chain
How DO-326A and DO-356A reframe airworthiness security around the supply chain, and what engineering teams must deliver to survive certification.