Safeguard
Topic

Regulatory Compliance

In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.

138 articles

Regulatory Compliance

CMMC 2.0 software supply chain security requirements for ...

CMMC 2.0 now folds SBOMs, third-party component risk, and build-pipeline integrity into defense contractor assessments. Here's what's required, when, and how to prove it.

Dec 27, 20257 min read
Regulatory Compliance

NIST 800-171 and software composition analysis for defens...

How NIST 800-171 software composition analysis, DFARS 252.204-7012, and CMMC 2.0 reshape open-source risk management for defense contractors protecting CUI.

Dec 27, 20257 min read
Regulatory Compliance

FCC and CISA guidance on telecom software supply chain se...

FCC telecom software supply chain guidance now overlaps with the Covered List and CISA telecom advisories. Here's what carriers must actually track.

Dec 25, 20257 min read
Regulatory Compliance

PCI DSS 4.0 requirement 6.4.3 for e-commerce third-party ...

PCI DSS 4.0 now mandates strict controls over third-party JavaScript on payment pages. Here's what requirements 6.4.3 and 11.6.1 require and how to comply.

Dec 24, 20258 min read
Regulatory Compliance

NERC CIP-013 compliance and software supply chain risk ma...

NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.

Dec 22, 20258 min read
Regulatory Compliance

TSA pipeline cybersecurity directive and software supply ...

A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.

Dec 21, 20257 min read
Regulatory Compliance

Analysis of pickle file deserialization vulnerabilities i...

CVE-2025-32434 shows PyTorch's "safe" weights_only loading could still be bypassed for code execution — a pickle deserialization vulnerability with real supply-chain consequences.

Dec 15, 20258 min read
Regulatory Compliance

Overview of NIST's finalized post-quantum cryptography st...

NIST finalized FIPS 203, 204, and 205 in August 2024, formalizing the first NIST post-quantum standards. Here's what changes for software supply chain security teams.

Dec 14, 20257 min read
Regulatory Compliance

Building an AI governance framework for enterprise risk m...

A practical breakdown of what an AI governance framework needs to contain in 2026 — from NIST's AI RMF to EU AI Act deadlines — and how to build one that scales with engineering velocity.

Dec 6, 20257 min read
Regulatory Compliance

License and Regulatory Risk in Open Source Components

Redis, HashiCorp, and Elastic all re-licensed core projects since 2021, and new rules like the EU Cyber Resilience Act now make license and SBOM gaps a regulatory problem.

Nov 2, 20258 min read
Regulatory Compliance

Insecure Default Configurations in Applications and Frame...

Insecure default configurations caused the 2016 MongoDB ransom wave, the 2018 Tesla Kubernetes breach, and countless audit failures. Here's why defaults stay dangerous and how to fix it.

Oct 29, 20257 min read
Regulatory Compliance

DHS Software Assurance Guidance: A Review

CISA and DHS's October 2025 software assurance guidance refines federal expectations on SBOMs, attestation, and secure-by-design, and signals what is next.

Oct 28, 20254 min read
Regulatory Compliance (Page 8) — Supply Chain Security Blog | Safeguard