cisa
Safeguard articles tagged "cisa" — guides, analysis, and best practices for software supply chain and application security.
35 articles
What CISA's Secure by Design Pledge Actually Requires
CISA's Secure by Design pledge asks 68+ vendors for measurable one-year progress on 7 goals. Here's what those goals mean for engineering teams.
DHS/CISA Binding Operational Directives and supply chain cascade effects in 2026
BOD 22-01 (KEV) and BOD 23-02 (external attack surface) apply directly to federal civilian agencies, but their downstream contractual cascade into the software supply chain is now the more consequential effect.
CISA's Secure-by-Design pledge two years in: vendor commitments and procurement effects
CISA's Secure-by-Design pledge launched in April 2024 with seven voluntary goals. Two years later, signatories are publishing progress reports and procurement teams are starting to ask hard questions.
CISA Secure by Design Operational Guidance 2026
Translating CISA's Secure by Design pledge into operational engineering work in 2026, with the specific control mappings and evidence practices that hold up to audit.
CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery
On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.
CISA's Agentic AI Secure Adoption Guide (May 2026): What It Means for Software Supply Chains
On May 4, 2026, CISA and international partners published guidance on the secure adoption of agentic AI. We break down the named risks, the recommended controls, and how to operationalize them for AppSec and platform teams.
Secure by Design Pledge: Reading the 2026 Progress Reports
More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.
State of CVE Disclosure and KEV in 2026
A senior-analyst view of CVE disclosure, KEV catalog growth, and the operational patterns that keep pace with them in 2026.
CIRCIA Final Rule: Reporting Thresholds and Covered Entities
CISA pushed the CIRCIA final rule to May 2026. We unpack the dual-track threshold structure, the 72-hour and 24-hour timers, and what the 300,000-entity scope means.
CISA Minimum Elements for SBOM: 2026 Update
A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.
What is Secure by Design
Secure by Design turns CISA's 2023 guidance and pledge into concrete practice: memory-safe code, no default passwords, and verifiable SBOMs over marketing claims.
CISA Secure by Design Pledge: Signatories in 2026
CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.