compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
MCP Server Capability Declaration Audit
An MCP server tells the world what it can do through its capability declaration. Auditing those declarations catches drift, tool poisoning, and misconfiguration before an agent gets talked into using the wrong one.
CISA Secure by Design Pledge: Signatories in 2026
CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.
FDA Premarket Cybersecurity SBOM in 2026
What the FDA's 2026 premarket cybersecurity guidance actually requires for SBOMs, how reviewers evaluate them, and the patterns that cause 510(k) submissions to stall.
CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know
CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.
What is a Security Compliance Framework
A concrete breakdown of what security compliance frameworks are, which ones software companies actually need, and how long certification really takes.
FedRAMP HIGH Posture: Griffin AI vs Mythos
FedRAMP HIGH demands 421 controls with documented, continuous evidence. Griffin AI produces control-mapped records every day. Mythos-class pure-LLM tools cannot fill a 3PAO evidence package.
SOC 2 Type II for SaaS Startups in 2026
What a SOC 2 Type II audit actually requires in 2026, where supply chain controls now sit in the Trust Services Criteria, and how to scope a defensible first report.
Executive Guide to Operationalizing AI Governance
A 2026 look at why AI governance policies keep failing in practice—and the five-pillar operating model executives are using to fix it.
CISA Secure by Design Pledge: Practical Impact
An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.
Configuring automatic key rotation in AWS KMS
A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.
EU CRA Readiness: Griffin AI vs Mythos
The EU Cyber Resilience Act wants mandatory vulnerability handling, SBOM delivery, and documented due diligence. Griffin AI produces those artifacts continuously. Mythos-class tools produce conversations about them.
EO 14028 Two Years In: What Actually Shipped
A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.