compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
What is the OWASP Software Assurance Maturity Model (SAMM)
A concrete breakdown of OWASP SAMM's 5 functions, 15 practices, and 30 streams, how its maturity levels work, and how it compares to BSIMM.
SOC 2 Type II
What is SOC 2 Type II? A clear breakdown of the audit report, Trust Services Criteria, and how it differs from Type I — with real audit examples.
CIS Benchmarks
A precise definition of CIS Benchmarks, how they differ from CIS Controls, and what compliance scanning against them looks like in real environments.
HIPAA Supply Chain Controls: Griffin AI vs Mythos
HIPAA's software supply chain expectations have sharpened in 2025-2026. Evidence generation is the difference between passing an audit and rerunning it.
Federal Software Procurement and SBOM Requirements: A Vendor's Playbook
If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.
CISA KEV catalog
The CISA KEV catalog lists vulnerabilities with confirmed real-world exploitation. Here's what it is, how entries get added, deadlines, and remediation rules.
NIST SSDF Audit: What Auditors Actually Check
A practical walkthrough of what NIST Secure Software Development Framework audits look like in 2026, where evidence gaps show up, and how to prepare without burning out engineering.
What is Encryption
Encryption converts readable data into ciphertext using algorithms and keys. Here's how AES, RSA, and TLS actually work — and where implementations fail.
How to set up AWS CloudTrail logging
A step-by-step guide to setting up AWS CloudTrail logging, enabling it across all regions, validating log integrity, and building a solid audit logging setup.
What is Multi-Factor Authentication (MFA)
MFA blocks over 99% of credential-based attacks, but Uber, Cisco, and Twilio breaches show how push-bombing and AiTM phishing still get around it.
PCI DSS 4.0 Alignment: Griffin AI vs Mythos
PCI DSS 4.0 raised the evidence bar for software security, supplier management, and continuous assurance. Griffin AI meets the new requirements with persisted records. Mythos-class pure-LLM tools leave QSAs asking for artifacts.
Multi-Tenant Isolation for FedRAMP HIGH
How Safeguard achieves hard multi-tenant isolation in a platform that meets FedRAMP HIGH — the boundaries, the proofs, and the trade-offs we accepted.