Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Regulatory Compliance

CMMC Level 2 Supply Chain Control Evidence

CMMC Level 2 assessments demand structured evidence for the SR family and adjacent controls. Learn how to produce assessor-ready supply chain artifacts.

Feb 27, 20267 min read
AI Security

Enterprise AI Data Residency Requirements, 2026

Data residency for AI workloads has moved from nice-to-have to contractually required. The shape of the requirement is specific and worth knowing before procurement.

Feb 27, 20262 min read
SBOM & Compliance

Signed SBOMs As Procurement Leverage

Unsigned SBOMs are paperwork. Signed SBOMs with in-toto attestations are leverage. Here is how mature procurement programmes use signing to harden vendor relationships.

Feb 27, 20267 min read
Compliance

What is ISO 27001

ISO 27001 is the international ISMS standard with 93 Annex A controls. Here's what it requires, who needs it, and what it costs to certify.

Feb 27, 20267 min read
Compliance

What is the NIST Cybersecurity Framework

A breakdown of the NIST Cybersecurity Framework's six functions, its 2024 update, and why GV.SC makes it central to software supply chain security.

Feb 27, 20267 min read
Standards

NIST SSDF 1.2 Draft: What the Comment Period Revealed

NIST opened public comment on SP 800-218r1 SSDF v1.2 on December 17, 2025. The draft adds AI development practices, refines supply-chain controls, and aligns with EO 14306.

Feb 26, 20267 min read
Compliance

What is FedRAMP

FedRAMP governs how federal agencies vet cloud software. Here's what it requires, what it costs, how long it takes, and what FedRAMP 20x changes.

Feb 26, 20267 min read
Compliance

What is the NIST Secure Software Development Framework (SSDF)

NIST SSDF (SP 800-218) explained: its four practice groups, the EO 14028 origin, federal attestation deadlines, and how it differs from SLSA and SP 800-53.

Feb 26, 20266 min read
Compliance

What is Executive Order 14028

EO 14028 forced federal software vendors to prove what's in their code. Here's what it requires, who it binds, and what's changed since 2021.

Feb 26, 20266 min read
Compliance

What is a Security Policy

A security policy is the documented, executive-approved rulebook auditors test against — here's what belongs in one, how often to review it, and what breaks when it isn't enforced.

Feb 25, 20268 min read
Compliance

DORA for Financial Services Software Supply Chain

How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.

Feb 25, 20266 min read
Compliance

What is a Security Risk Assessment

A security risk assessment ranks real business risk, not raw CVE counts. Here's what it involves, how often it's required, and how it differs from scanning.

Feb 25, 20266 min read
compliance (Page 23) — Safeguard Blog