Safeguard
Tag

cisa

Safeguard articles tagged "cisa" — guides, analysis, and best practices for software supply chain and application security.

35 articles

Best Practices

What CISA's Secure by Design Pledge Actually Requires

CISA's Secure by Design pledge asks 68+ vendors for measurable one-year progress on 7 goals. Here's what those goals mean for engineering teams.

Jul 10, 20266 min read
Compliance

DHS/CISA Binding Operational Directives and supply chain cascade effects in 2026

BOD 22-01 (KEV) and BOD 23-02 (external attack surface) apply directly to federal civilian agencies, but their downstream contractual cascade into the software supply chain is now the more consequential effect.

May 13, 20268 min read
Compliance

CISA's Secure-by-Design pledge two years in: vendor commitments and procurement effects

CISA's Secure-by-Design pledge launched in April 2024 with seven voluntary goals. Two years later, signatories are publishing progress reports and procurement teams are starting to ask hard questions.

May 12, 20268 min read
Compliance

CISA Secure by Design Operational Guidance 2026

Translating CISA's Secure by Design pledge into operational engineering work in 2026, with the specific control mappings and evidence practices that hold up to audit.

May 8, 20265 min read
Regulatory Compliance

CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery

On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.

May 7, 202611 min read
Regulatory Compliance

CISA's Agentic AI Secure Adoption Guide (May 2026): What It Means for Software Supply Chains

On May 4, 2026, CISA and international partners published guidance on the secure adoption of agentic AI. We break down the named risks, the recommended controls, and how to operationalize them for AppSec and platform teams.

May 6, 202611 min read
Compliance

Secure by Design Pledge: Reading the 2026 Progress Reports

More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.

Apr 8, 20266 min read
Industry Analysis

State of CVE Disclosure and KEV in 2026

A senior-analyst view of CVE disclosure, KEV catalog growth, and the operational patterns that keep pace with them in 2026.

Mar 18, 20269 min read
Compliance

CIRCIA Final Rule: Reporting Thresholds and Covered Entities

CISA pushed the CIRCIA final rule to May 2026. We unpack the dual-track threshold structure, the 72-hour and 24-hour timers, and what the 300,000-entity scope means.

Mar 11, 20266 min read
SBOM

CISA Minimum Elements for SBOM: 2026 Update

A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.

Mar 4, 20266 min read
Application Security

What is Secure by Design

Secure by Design turns CISA's 2023 guidance and pledge into concrete practice: memory-safe code, no default passwords, and verifiable SBOMs over marketing claims.

Feb 6, 20267 min read
Compliance

CISA Secure by Design Pledge: Signatories in 2026

CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.

Jan 28, 20267 min read
cisa — Safeguard Blog