cisa
Safeguard articles tagged "cisa" — guides, analysis, and best practices for software supply chain and application security.
35 articles
CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know
CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.
CISA Secure by Design Pledge: Practical Impact
An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.
EO 14028 Two Years In: What Actually Shipped
A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.
FCC and CISA guidance on telecom software supply chain se...
FCC telecom software supply chain guidance now overlaps with the Covered List and CISA telecom advisories. Here's what carriers must actually track.
DHS Software Assurance Guidance: A Review
CISA and DHS's October 2025 software assurance guidance refines federal expectations on SBOMs, attestation, and secure-by-design, and signals what is next.
CISA's Software Identification Ecosystem: What You Need to Know
CISA is building a comprehensive software identification ecosystem that ties SBOMs, vulnerabilities, and procurement together. Here is what it means for software producers and consumers.
CIRCIA Final Rule Slips to May 2026: What Changes
CISA pushed the CIRCIA final rule deadline from October 2025 to May 2026, citing 24,000 public comments and harmonization work with other federal cyber reporting frameworks.
CISA Secure by Design Pledge: Reading the One-Year Progress Reports
The CISA Secure by Design pledge crossed its one-year mark in May 2025 with over 150 signatories. We analyze the published progress reports and where vendors are quietly falling short.
CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation
The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.
American Water Cyberattack: Largest U.S. Utility Forced Offline
American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.
CISA's SBOM Sharing Lifecycle: A Framework for Practical Adoption
CISA releases updated guidance on SBOM sharing practices, addressing the full lifecycle from generation to consumption across supplier and buyer relationships.
Critical Infrastructure Software Supply Chain
How the 16 critical infrastructure sectors are absorbing software supply chain obligations under PPD-21, NSM-22, and CISA's emerging frameworks.