Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Regulatory Compliance

FedRAMP Meets STIG: Practical Mapping

FedRAMP wants NIST 800-53 Rev 5 controls. DISA STIGs want hardening settings. The mapping between them is what determines whether your authorization package actually clears review.

Oct 18, 20246 min read
Compliance & Frameworks

CISA's SBOM Sharing Lifecycle: A Framework for Practical Adoption

CISA releases updated guidance on SBOM sharing practices, addressing the full lifecycle from generation to consumption across supplier and buyer relationships.

Oct 15, 20246 min read
Regulatory Compliance

State and Local Government SBOM Mandates

States and cities are adopting SBOM requirements faster than most vendors have noticed. A survey of where the mandates sit and what they actually require.

Oct 15, 20247 min read
Licensing

Apache License 2.0 Explained: Permissions, Conditions, and Commercial Use

What the Apache License 2.0 lets you do, what it requires (attribution, NOTICE, change marking), and why its patent grant matters for commercial software.

Oct 8, 20247 min read
Concepts

What is an SBOM Drift

SBOM drift is the gap between what your software bill of materials claims and what the artifact actually contains. Here's how it happens and how to detect it with a diff.

Oct 8, 20247 min read
Release

Safeguard v3: Compliance-First Supply Chain Security

Safeguard v3 adds compliance framework mapping, automated evidence collection, audit-ready reporting, and VEX document support for regulatory readiness.

Oct 1, 20246 min read
SBOM

SBOM Adoption in 2024: Enterprise Survey Results and Reality Check

Despite growing regulatory pressure, enterprise SBOM adoption remains uneven. A look at where organizations actually stand with SBOM generation, consumption, and operationalization.

Oct 1, 20246 min read
Regulatory Compliance

PCI DSS Meets SBOM Requirements

PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.

Sep 14, 20246 min read
Regulatory Compliance

CCPA Meets Software Supply Chain

CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.

Aug 28, 20247 min read
Compliance

Compliance Automation Tools Compared: What Actually Reduces Audit Pain in 2024

The compliance automation market is crowded with platforms promising to make audits painless. Here is an honest comparison of what works, what does not, and where supply chain compliance fits in.

Aug 10, 20245 min read
Regulatory Compliance

Aviation RTCA DO-326A and the Software Supply Chain

How DO-326A and DO-356A reframe airworthiness security around the supply chain, and what engineering teams must deliver to survive certification.

Aug 8, 20247 min read
Regulatory Compliance

GDPR Meets CRA: Software Overlap

GDPR Article 32 and the EU Cyber Resilience Act look like separate regimes, but for any software handling personal data they converge at the component level. Here's where they overlap and where they diverge.

Jul 22, 20247 min read
compliance (Page 32) — Safeguard Blog