compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
FedRAMP Meets STIG: Practical Mapping
FedRAMP wants NIST 800-53 Rev 5 controls. DISA STIGs want hardening settings. The mapping between them is what determines whether your authorization package actually clears review.
CISA's SBOM Sharing Lifecycle: A Framework for Practical Adoption
CISA releases updated guidance on SBOM sharing practices, addressing the full lifecycle from generation to consumption across supplier and buyer relationships.
State and Local Government SBOM Mandates
States and cities are adopting SBOM requirements faster than most vendors have noticed. A survey of where the mandates sit and what they actually require.
Apache License 2.0 Explained: Permissions, Conditions, and Commercial Use
What the Apache License 2.0 lets you do, what it requires (attribution, NOTICE, change marking), and why its patent grant matters for commercial software.
What is an SBOM Drift
SBOM drift is the gap between what your software bill of materials claims and what the artifact actually contains. Here's how it happens and how to detect it with a diff.
Safeguard v3: Compliance-First Supply Chain Security
Safeguard v3 adds compliance framework mapping, automated evidence collection, audit-ready reporting, and VEX document support for regulatory readiness.
SBOM Adoption in 2024: Enterprise Survey Results and Reality Check
Despite growing regulatory pressure, enterprise SBOM adoption remains uneven. A look at where organizations actually stand with SBOM generation, consumption, and operationalization.
PCI DSS Meets SBOM Requirements
PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.
CCPA Meets Software Supply Chain
CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.
Compliance Automation Tools Compared: What Actually Reduces Audit Pain in 2024
The compliance automation market is crowded with platforms promising to make audits painless. Here is an honest comparison of what works, what does not, and where supply chain compliance fits in.
Aviation RTCA DO-326A and the Software Supply Chain
How DO-326A and DO-356A reframe airworthiness security around the supply chain, and what engineering teams must deliver to survive certification.
GDPR Meets CRA: Software Overlap
GDPR Article 32 and the EU Cyber Resilience Act look like separate regimes, but for any software handling personal data they converge at the component level. Here's where they overlap and where they diverge.