Regulatory Compliance
In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.
138 articles
SOC 2 Meets SSDF: A Practical Mapping
SOC 2 auditors are starting to ask about secure development practices. Here's how to map NIST SSDF tasks onto SOC 2 Trust Services Criteria without duplicating work.
Fintech Software Supply Chain Regulatory Map
A practical tour through the tangle of regulations, supervisory letters, and industry standards that now govern how fintech firms build, buy, and operate software.
SOX IT Controls and Software Supply Chain
SOX ITGCs are being rewritten around open-source software and build integrity as PCAOB and SEC scrutiny extends ICFR into the developer toolchain for the first time.
Executive Order 14028 at the Two-Year Mark
Two years after Executive Order 14028 on federal cybersecurity, the operational impact is clearer. What actually changed, what stalled, and what is coming in year three.
NIST SSDF v1.1: Practical Adoption Notes
NIST SP 800-218 became the de facto baseline for federal software attestation in 2023. Here is how to adopt SSDF v1.1 without drowning in paperwork.
SLSA vs SSDF vs S2C2F: Framework Comparison
Three supply chain integrity frameworks. Three different authors. Three different audiences. A practical comparison of SLSA, NIST SSDF, and Microsoft S2C2F for teams picking one.