Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Compliance

NIS2 Directive compliance for software vendors

NIS2 became enforceable October 17, 2024, and Article 21 now requires software vendors to prove SBOM, CVE remediation, and disclosure practices to EU customers.

May 10, 20266 min read
Compliance

CISA's Secure by Design pledge explained

CISA's voluntary Secure by Design pledge has grown from 68 signatories to 300+, but it's unverified and self-reported. Here's what the seven goals really require.

May 10, 20267 min read
Compliance

SEC cybersecurity disclosure rules for public companies

The SEC's 2023 rules give public companies four business days to disclose material cyber incidents. Here's what triggers the clock, and how supply chain visibility keeps you compliant.

May 10, 20267 min read
Compliance

CISA Secure by Design Operational Guidance 2026

Translating CISA's Secure by Design pledge into operational engineering work in 2026, with the specific control mappings and evidence practices that hold up to audit.

May 8, 20265 min read
Compliance

FDA SBOM requirements for medical device software

Since Oct 2023 the FDA can reject medical device submissions missing a compliant SBOM. Here's what Section 524B actually requires, in plain terms.

May 8, 20267 min read
Compliance

Audit-readiness for open source usage policies

What auditors actually ask for in an open source usage policy review, what triggers it, and the evidence gaps that turn a written policy into a finding.

May 8, 20266 min read
Compliance

CMMC compliance for software vendors

CMMC 2.0 is now contractually mandatory across the DoD supply chain. Here's what software vendors must know about levels, deadlines, costs, and SBOMs.

May 7, 20267 min read
Compliance

Board-level reporting on application security risk

Boards now face legal disclosure deadlines on cyber risk. Here's what belongs in a board-level appsec report, how often to deliver it, and what the SEC and NYDFS require.

May 7, 20267 min read
Compliance

Cyber insurance requirements for application security programs

Cyber insurers now require SBOMs, patch SLAs, and audit trails for AppSec programs. Here's what carriers actually ask for and how to pass renewal.

May 7, 20266 min read
Compliance

NIS2 in the Netherlands: Cyberbeveiligingswet Adoption in April 2026

The Dutch Parliament approved the Cyberbeveiligingswet on 15 April 2026, with target entry into force on 1 July 2026 — 21 months after the EU transposition deadline.

May 6, 20267 min read
Buyer's Guides

Safeguard vs Aikido Security: which is the better fit?

Safeguard vs Aikido Security compared on product scope, SBOM depth, pipeline enforcement, and compliance, so you can pick the platform that fits your risk.

May 6, 20268 min read
Compliance

Does AI pentesting satisfy SOC 2, ISO 27001, HIPAA or PCI...

AI-powered pentesting promises fast compliance checkmarks, but SOC 2, ISO 27001, HIPAA, and PCI DSS 4.0 auditors require more than an automated scan report.

May 4, 20267 min read
compliance (Page 11) — Safeguard Blog