Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Compliance

What is the OWASP Software Assurance Maturity Model (SAMM)

A concrete breakdown of OWASP SAMM's 5 functions, 15 practices, and 30 streams, how its maturity levels work, and how it compares to BSIMM.

Feb 25, 20267 min read
Compliance

SOC 2 Type II

What is SOC 2 Type II? A clear breakdown of the audit report, Trust Services Criteria, and how it differs from Type I — with real audit examples.

Feb 23, 20267 min read
Compliance

CIS Benchmarks

A precise definition of CIS Benchmarks, how they differ from CIS Controls, and what compliance scanning against them looks like in real environments.

Feb 23, 20267 min read
AI Security

HIPAA Supply Chain Controls: Griffin AI vs Mythos

HIPAA's software supply chain expectations have sharpened in 2025-2026. Evidence generation is the difference between passing an audit and rerunning it.

Feb 22, 20265 min read
Compliance

Federal Software Procurement and SBOM Requirements: A Vendor's Playbook

If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.

Feb 22, 20266 min read
Vulnerability Management

CISA KEV catalog

The CISA KEV catalog lists vulnerabilities with confirmed real-world exploitation. Here's what it is, how entries get added, deadlines, and remediation rules.

Feb 22, 20267 min read
Compliance

NIST SSDF Audit: What Auditors Actually Check

A practical walkthrough of what NIST Secure Software Development Framework audits look like in 2026, where evidence gaps show up, and how to prepare without burning out engineering.

Feb 18, 20266 min read
Best Practices

What is Encryption

Encryption converts readable data into ciphertext using algorithms and keys. Here's how AES, RSA, and TLS actually work — and where implementations fail.

Feb 18, 20266 min read
Cloud Security

How to set up AWS CloudTrail logging

A step-by-step guide to setting up AWS CloudTrail logging, enabling it across all regions, validating log integrity, and building a solid audit logging setup.

Feb 16, 20267 min read
Best Practices

What is Multi-Factor Authentication (MFA)

MFA blocks over 99% of credential-based attacks, but Uber, Cisco, and Twilio breaches show how push-bombing and AiTM phishing still get around it.

Feb 15, 20266 min read
AI Security

PCI DSS 4.0 Alignment: Griffin AI vs Mythos

PCI DSS 4.0 raised the evidence bar for software security, supplier management, and continuous assurance. Griffin AI meets the new requirements with persisted records. Mythos-class pure-LLM tools leave QSAs asking for artifacts.

Feb 14, 20267 min read
Architecture

Multi-Tenant Isolation for FedRAMP HIGH

How Safeguard achieves hard multi-tenant isolation in a platform that meets FedRAMP HIGH — the boundaries, the proofs, and the trade-offs we accepted.

Feb 14, 20268 min read
compliance (Page 24) — Safeguard Blog