Safeguard
Topic

Regulatory Compliance

In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.

138 articles

Regulatory Compliance

US DoD Zero Trust: Software Dimensions

Where the DoD Zero Trust Reference Architecture meets the software supply chain, and what program offices are actually doing about it.

Jul 25, 20247 min read
Regulatory Compliance

GDPR Meets CRA: Software Overlap

GDPR Article 32 and the EU Cyber Resilience Act look like separate regimes, but for any software handling personal data they converge at the component level. Here's where they overlap and where they diverge.

Jul 22, 20247 min read
Regulatory Compliance

Open Banking API Supply Chain Security

Open banking depends on a tangle of SDKs, certificate authorities, and directory services. What PSD2, the UK's Open Banking Standard, and the emerging US framework mean for supply chain security.

Jul 18, 20247 min read
Regulatory Compliance

ISO 27001 Meets NIST CSF: Integration

Running an ISMS under ISO 27001:2022 while executives want NIST CSF 2.0 reporting? These frameworks integrate cleanly if you map Annex A controls to CSF subcategories once and stop duplicating work.

Jun 25, 20246 min read
Regulatory Compliance

Gramm-Leach-Bliley Software Security Update

The FTC Safeguards Rule amendments effective May 13, 2024 expand breach-notification and software supply chain expectations for financial institutions under GLBA.

Jun 11, 20246 min read
Regulatory Compliance

OSS Contributor License Agreements Reviewed

CLAs, DCOs, and the subtle differences between Apache ICLAs, Google corporate CLAs, and Eclipse ECAs shape what contributors give up and what projects can do.

May 25, 20247 min read
Regulatory Compliance

SOX IT Controls Meet Software Controls

Sarbanes-Oxley IT general controls predate modern software delivery. Here's how change management, access, and segregation of duties controls actually look when applied to CI/CD pipelines and software components.

May 20, 20247 min read
Regulatory Compliance

Utilities Sector NERC CIP Software Supply Chain

NERC CIP-013 turned software supply chain into a regulated obligation for the bulk electric system. A practical look at what utilities are actually doing.

May 20, 20247 min read
Regulatory Compliance

Australia's Essential Eight and Software Supply Chain

The ACSC's November 2023 Essential Eight update tightened patching, application control, and software inventory expectations that every Australian-regulated entity now has to evidence.

Apr 14, 20245 min read
Regulatory Compliance

HIPAA Meets HITRUST: Supply Chain Depth

HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.

Apr 8, 20246 min read
Regulatory Compliance

PCI DSS 4.0 Software Security Requirements

PCI DSS 4.0 became mandatory on March 31, 2024, overhauling software security, SBOM visibility, and supply chain controls for every entity that touches cardholder data.

Mar 31, 20245 min read
Regulatory Compliance

Defense Industrial Base Supply Chain and CMMC

How the Defense Industrial Base is adapting its software supply chain to CMMC 2.0, NIST SP 800-171, and DFARS flow-down obligations.

Mar 22, 20247 min read
Regulatory Compliance (Page 11) — Supply Chain Security Blog | Safeguard