Safeguard
Tag

cisa

Safeguard articles tagged "cisa" — guides, analysis, and best practices for software supply chain and application security.

35 articles

Compliance

CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know

CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.

Jan 25, 20266 min read
Compliance

CISA Secure by Design Pledge: Practical Impact

An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.

Jan 21, 20267 min read
Compliance

EO 14028 Two Years In: What Actually Shipped

A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.

Jan 14, 20267 min read
Regulatory Compliance

FCC and CISA guidance on telecom software supply chain se...

FCC telecom software supply chain guidance now overlaps with the Covered List and CISA telecom advisories. Here's what carriers must actually track.

Dec 25, 20257 min read
Regulatory Compliance

DHS Software Assurance Guidance: A Review

CISA and DHS's October 2025 software assurance guidance refines federal expectations on SBOMs, attestation, and secure-by-design, and signals what is next.

Oct 28, 20254 min read
Compliance

CISA's Software Identification Ecosystem: What You Need to Know

CISA is building a comprehensive software identification ecosystem that ties SBOMs, vulnerabilities, and procurement together. Here is what it means for software producers and consumers.

Oct 10, 20256 min read
Regulation

CIRCIA Final Rule Slips to May 2026: What Changes

CISA pushed the CIRCIA final rule deadline from October 2025 to May 2026, citing 24,000 public comments and harmonization work with other federal cyber reporting frameworks.

Oct 2, 20255 min read
Industry

CISA Secure by Design Pledge: Reading the One-Year Progress Reports

The CISA Secure by Design pledge crossed its one-year mark in May 2025 with over 150 signatories. We analyze the published progress reports and where vendors are quietly falling short.

Jun 4, 20257 min read
Threat Intelligence

CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation

The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.

Mar 18, 20255 min read
Incident Analysis

American Water Cyberattack: Largest U.S. Utility Forced Offline

American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.

Feb 26, 20256 min read
Compliance & Frameworks

CISA's SBOM Sharing Lifecycle: A Framework for Practical Adoption

CISA releases updated guidance on SBOM sharing practices, addressing the full lifecycle from generation to consumption across supplier and buyer relationships.

Oct 15, 20246 min read
Industry Analysis

Critical Infrastructure Software Supply Chain

How the 16 critical infrastructure sectors are absorbing software supply chain obligations under PPD-21, NSM-22, and CISA's emerging frameworks.

Apr 28, 20247 min read
cisa (Page 2) — Safeguard Blog