Safeguard
Topic

Regulatory Compliance

In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.

138 articles

Regulatory Compliance

SQL Injection Prevention in C# with Entity Framework/LINQ

EF Core's LINQ layer parameterizes queries by default, but FromSqlRaw, ExecuteSqlRaw, and dynamic sort columns still open real SQL injection risk in .NET apps.

Oct 26, 20258 min read
Regulatory Compliance

ISO 27001:2022 Transition Deadline: The Approach

The October 31, 2025 ISO/IEC 27001:2022 transition deadline is weeks away. Here's what auditors will look for in Annex A controls, statements of applicability, and evidence packs.

Oct 15, 20255 min read
Regulatory Compliance

The HIPAA Security Rule Update and Your Supply Chain

HHS's December 2024 NPRM rewrites the HIPAA Security Rule with explicit software supply chain, SBOM, and business associate controls set to take effect in 2025 and 2026.

Sep 15, 20255 min read
Regulatory Compliance

EU NIS2 Directive: Enforcement at One Year

Twelve months after the NIS2 transposition deadline, enforcement is uneven, fines are real, and software supply chain obligations are starting to bite.

Aug 15, 20254 min read
Regulatory Compliance

Governance Frameworks Emerging for AI-Assisted Software D...

NIST, ISO 42001, and the EU AI Act now shape how teams must govern AI-generated code. Here's what an AI code governance framework actually requires in practice.

Aug 6, 20258 min read
Regulatory Compliance

Japan AMED Software Supply Chain Guidance Overview

Japan's AMED, METI, and PMDA guidance now converges on SBOMs and supply chain controls, reshaping how medical and industrial software is built, shipped, and maintained.

Jun 25, 20255 min read
Regulatory Compliance

OWASP ASVS 5.0 Adoption Guide

OWASP ASVS 5.0 restructured the verification levels and added new requirements for modern stacks. A practical adoption guide for teams using ASVS as their security baseline.

Jun 3, 20256 min read
Regulatory Compliance

Oracle Critical Control Baseline: Regulatory Impact

Oracle's February 2025 Critical Control Baseline for critical infrastructure customers reshapes SCRM obligations. Here's what legal and security teams must know.

Mar 25, 20255 min read
Regulatory Compliance

FedRAMP Continuous Monitoring Automation Playbook

FedRAMP 20x demands real-time ConMon. Here's how to automate monthly POA&M, vulnerability deviation, and SBOM attestation without a 20-person team.

Mar 12, 20255 min read
Regulatory Compliance

Canadian Cyber Centre Supply Chain Guidance

The CCCS's 2024-2025 supply chain guidance and Bill C-26 reshape Canada's expectations for SBOMs, vendor assurance, and protection of critical cyber systems.

Feb 18, 20255 min read
Regulatory Compliance

DORA Operational Resilience: Software Implications

DORA became fully applicable January 17, 2025. Here's what Articles 6, 8, 28, and the ICT third-party RTS mean for the software you build, buy, and operate in the EU.

Jan 17, 20255 min read
Regulatory Compliance

Digital Health HIPAA Supply Chain Intersection

Digital health startups collide with HIPAA obligations as soon as they touch clinical data. A regulatory map of the supply chain choke points.

Dec 22, 20247 min read
Regulatory Compliance (Page 9) — Supply Chain Security Blog | Safeguard