Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

432 articles

Cloud Security

Designing tamper-evident CloudTrail logging across an AWS organization

AWS CloudTrail's default event history holds only 90 days. A centralized, hash-validated org trail is what actually survives an incident or an audit.

Jul 15, 20267 min read
Compliance & Frameworks

Security compliance frameworks cheat sheet: SOC 2, ISO 27001, PCI DSS, HIPAA

SOC 2, ISO 27001, PCI DSS 4.0, and HIPAA share roughly the same engineering controls — build them once and stop re-implementing access control four times.

Jul 13, 20267 min read
Compliance & Frameworks

FedRAMP Moderate: What It Actually Requires From Your Security Architecture

FedRAMP Moderate maps to roughly 300 NIST 800-53 controls — and FedRAMP 20x is now replacing the old triennial paperwork cycle with continuous evidence.

Jul 10, 20267 min read
Compliance & Frameworks

What healthtech AppSec needs beyond generic security practices

242.9 million records were exposed in 2024 HIPAA breaches. Generic AppSec checklists don't satisfy FDA premarket SBOM rules or a pending HIPAA rewrite.

Jul 10, 20266 min read
Best Practices

What CISA's Secure by Design Pledge Actually Requires

CISA's Secure by Design pledge asks 68+ vendors for measurable one-year progress on 7 goals. Here's what those goals mean for engineering teams.

Jul 10, 20266 min read
DevSecOps

The DevSecOps metrics that actually indicate program maturity

CISA's KEV directive now demands 3-day fixes for the riskiest bugs. Here's why raw finding counts are the wrong way to measure a DevSecOps program.

Jul 9, 20267 min read
Compliance & Frameworks

A Practical Guide to EU Cyber Resilience Act Compliance

The CRA's 24-hour vulnerability reporting clock starts 11 September 2026. Here's how to build the SDLC changes now instead of scrambling later.

Jul 9, 20266 min read
Compliance & Frameworks

A HIPAA technical safeguards checklist for application security teams

HHS reported 663 large healthcare breaches in 2024 exposing 242.9M records. Here's how §164.312's technical safeguards map to concrete app-sec controls.

Jul 9, 20267 min read
Compliance

The 2026 SBOM compliance guide: where a software bill of materials is now required

SBOM requirements have spread from a single US executive order to regulations across sectors and continents. Here's a framework-by-framework map of where you need one in 2026.

Jul 8, 20265 min read
Compliance

CCPA and CPRA for Developers: What the Code Actually Has to Do

California's privacy laws are usually framed as a legal problem, but honoring opt-outs, deleting data, and maintaining reasonable security are engineering problems. Here's the developer's view of CCPA and CPRA.

Jul 8, 20266 min read
FAQ

Data Residency and Security: FAQ

Where your data lives, what actually leaves your boundary, region pinning, customer-held keys, and how residency differs from sovereignty in a security platform.

Jul 8, 20265 min read
Compliance

DORA compliance for financial services: the software supply chain angle

The Digital Operational Resilience Act is now in force across EU financial services. Here's how its five pillars reach into your software supply chain and ICT third parties.

Jul 8, 20265 min read
compliance — Safeguard Blog