Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

AI Security

MCP Server Capability Declaration Audit

An MCP server tells the world what it can do through its capability declaration. Auditing those declarations catches drift, tool poisoning, and misconfiguration before an agent gets talked into using the wrong one.

Jan 28, 20267 min read
Compliance

CISA Secure by Design Pledge: Signatories in 2026

CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.

Jan 28, 20267 min read
Compliance

FDA Premarket Cybersecurity SBOM in 2026

What the FDA's 2026 premarket cybersecurity guidance actually requires for SBOMs, how reviewers evaluate them, and the patterns that cause 510(k) submissions to stall.

Jan 28, 20267 min read
Compliance

CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know

CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.

Jan 25, 20266 min read
Compliance

What is a Security Compliance Framework

A concrete breakdown of what security compliance frameworks are, which ones software companies actually need, and how long certification really takes.

Jan 25, 20266 min read
AI Security

FedRAMP HIGH Posture: Griffin AI vs Mythos

FedRAMP HIGH demands 421 controls with documented, continuous evidence. Griffin AI produces control-mapped records every day. Mythos-class pure-LLM tools cannot fill a 3PAO evidence package.

Jan 22, 20266 min read
Compliance

SOC 2 Type II for SaaS Startups in 2026

What a SOC 2 Type II audit actually requires in 2026, where supply chain controls now sit in the Trust Services Criteria, and how to scope a defensible first report.

Jan 22, 20265 min read
Industry Analysis

Executive Guide to Operationalizing AI Governance

A 2026 look at why AI governance policies keep failing in practice—and the five-pillar operating model executives are using to fix it.

Jan 22, 20267 min read
Compliance

CISA Secure by Design Pledge: Practical Impact

An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.

Jan 21, 20267 min read
Cloud Security

Configuring automatic key rotation in AWS KMS

A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.

Jan 18, 20268 min read
AI Security

EU CRA Readiness: Griffin AI vs Mythos

The EU Cyber Resilience Act wants mandatory vulnerability handling, SBOM delivery, and documented due diligence. Griffin AI produces those artifacts continuously. Mythos-class tools produce conversations about them.

Jan 16, 20267 min read
Compliance

EO 14028 Two Years In: What Actually Shipped

A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.

Jan 14, 20267 min read
compliance (Page 27) — Safeguard Blog