compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
EU Cyber Resilience Act: Your SBOM Obligations
The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.
How to configure AWS Config for continuous compliance mon...
A step-by-step guide to configure AWS Config compliance monitoring: rules setup, conformance packs, alerting, remediation, and multi-account aggregation.
How to meet SOC 2 audit logging requirements
A step-by-step guide to meeting SOC 2 audit logging requirements: what to log, retention, access controls, alerting, and how to verify your controls before an audit.
Open Source License Management: Tools and Workflow
A practical breakdown of how mature engineering teams do license management open source style: scanning dependency trees, classifying license risk, and building a workflow that does not slow releases down.
EU Cyber Resilience Act Enforcement Timeline 2026
The EU Cyber Resilience Act is already biting in 2026. Here is the enforcement timeline manufacturers, integrators, and open source stewards need to internalize now.
ISO/IEC 42001: AI Management Systems Reach Adoption Critical Mass
ISO/IEC 42001:2023 went from new-standard status to enterprise compliance benchmark in 2025, with major SaaS vendors certifying and the EU AI Act referencing it as a harmonized pathway.
NIS2 in Spain: The Delayed Transposition and Commission Reasoned Opinion
Spain's draft NIS2 law was approved by the Council of Ministers on 14 January 2025, but had not been published in the BOE by January 2026, triggering Commission action.
How to set up an incident response plan
A practical guide to building an incident response plan for software supply chain security, with a ready-to-use playbook template and concrete detection steps.
How to set up AWS Organizations Service Control Policies
A practical, command-by-command guide to AWS Organizations SCP setup — from enabling policy types to real guardrail examples, rollout, and troubleshooting.
What is Secure by Default
Secure by default means software ships in its safest state out of the box. See real breaches, standards, and pledges driving this shift.
ISO 27001 Mapping: Griffin AI vs Mythos
ISO 27001 Annex A has 93 controls in the 2022 revision, each needing documented evidence. Griffin AI emits records that map cleanly. Mythos-class pure-LLM tools force control owners to narrate.
Federal Agency FedRAMP Evidence Pack in 30 Days
An anonymized look at how a US federal civilian agency assembled a complete FedRAMP High supply chain evidence pack in 30 days using Safeguard.