Safeguard
Topic

Regulatory Compliance

In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.

138 articles

Regulatory Compliance

EU CRA Enforcement First Year: What Changed

A senior engineer's review of the first year of EU Cyber Resilience Act enforcement, what regulators actually asked for, what vendors got wrong, and where the bar moves next.

Apr 11, 20267 min read
Regulatory Compliance

DIB Small Shop CMMC Readiness On A Budget

Small defense industrial base shops cannot spend like primes. Here is a pragmatic CMMC Level 2 readiness path that fits a real small business budget.

Apr 9, 20268 min read
Regulatory Compliance

Defense Software Supply Chain Under the 2026 Federal Rules

CMMC 2.0, the FAR SBOM rule, and DoD Instruction 8500.01 have reshaped what software contractors must deliver. Here is the 2026 operational baseline for defense industrial base suppliers.

Apr 9, 20266 min read
Regulatory Compliance

NIS2 Directive Supply Chain Obligations in 2026

NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.

Apr 8, 20265 min read
Regulatory Compliance

EU AI Act High-Risk System Obligations

A senior engineer's breakdown of the EU AI Act high-risk system obligations as they apply in 2026, with a focus on documentation, supply chain, and ongoing monitoring.

Apr 7, 20268 min read
Regulatory Compliance

SOC 2 Control Mapping With Supply Chain Evidence

Map SOC 2 Trust Services Criteria to concrete supply chain artifacts. Learn how SBOMs, findings, and policy logs satisfy CC controls without manual gymnastics.

Apr 7, 20267 min read
Regulatory Compliance

FedRAMP High Software Supply Chain Evidence

FedRAMP High demands provable software supply chain controls, not just policy text. Here is how to assemble the evidence package without slowing engineering.

Apr 5, 20268 min read
Regulatory Compliance

CISA Secure-By-Design Pledge Update 2026

A senior engineer's view of where the CISA Secure-By-Design pledge stands in 2026, what signatories actually delivered, and what the second wave of expectations looks like.

Apr 3, 20267 min read
Regulatory Compliance

EU CRA Self-Assessment Evidence Pack

Build a Cyber Resilience Act self-assessment pack from supply chain evidence. Learn which artifacts CRA expects and how to produce them without rebuilding your stack.

Apr 3, 20267 min read
Regulatory Compliance

IL7 Air-Gap Deployment Supply Chain Controls

IL7 environments are isolated by design but inherit every supply chain risk in the artifacts that cross the gap. Here is how to lock down the inbound flow.

Mar 31, 20268 min read
Regulatory Compliance

SLSA v1.1 Framework Update: What's New

SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.

Mar 30, 20266 min read
Regulatory Compliance

Using Reachability To Defend SOC 2 Audit Decisions

An auditor asks why you didn't fix CVE-X. The defensible answer involves reachability evidence. Without it, the conversation gets uncomfortable.

Mar 30, 20263 min read
Regulatory Compliance (Page 2) — Supply Chain Security Blog | Safeguard