Standards
In-depth guides and analysis on standards from the Safeguard engineering team.
8 articles
NIST SSDF 1.2 Draft: What the Comment Period Revealed
NIST opened public comment on SP 800-218r1 SSDF v1.2 on December 17, 2025. The draft adds AI development practices, refines supply-chain controls, and aligns with EO 14306.
ISO/IEC 42001: AI Management Systems Reach Adoption Critical Mass
ISO/IEC 42001:2023 went from new-standard status to enterprise compliance benchmark in 2025, with major SaaS vendors certifying and the EU AI Act referencing it as a harmonized pathway.
ISA-TR62443-2-2-2025: Security Protection Schemes for IACS
The ISA released TR62443-2-2-2025 in December 2025, giving industrial operators actionable guidance for designing and validating a Security Protection Scheme. Here is what changed in OT defender practice.
CycloneDX 1.7 Ratified as ECMA-424 2nd Edition (December 2025)
CycloneDX v1.7 was adopted as ECMA-424, 2nd Edition by the Ecma General Assembly in December 2025. We unpack citations, cryptographic assets, and distribution constraints.
CycloneDX 1.7 Deep Dive: Cryptography, Citations, and Patents
CycloneDX 1.7 released in October 2025 with first-class cryptography metadata, a new Citations element, and patent-aware IP fields. We walk through what changed and which producers should adopt now.
NIST SP 800-53 Release 5.2.0: Three New Controls You Cannot Ignore
NIST released SP 800-53 5.2.0 on August 27, 2025 with three new controls focused on patch root-cause analysis, structured logging, and cyber resiliency. Here is what it means for compliance teams.
SPDX 3.0.1: The Patch Release That Cleared ISO and OMG Submission
SPDX 3.0.1 was announced on December 27, 2024, bundling fixes from 3.0.0 implementation and the edits required for OMG SPDX/3.0 and ISO/IEC submission.
Cryptographic Bill of Materials (CBOM): The Next Frontier
Post-quantum cryptography migration requires knowing what cryptographic algorithms your software uses. CBOMs provide that inventory. Here is what they are and why they matter.