Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Compliance

Latin America's Evolving Cybersecurity Regulations and Supply Chain Implications

From Brazil's LGPD to Mexico's cybersecurity reforms, Latin America is building a regulatory framework that will reshape how organizations manage software supply chain risk across the region.

Apr 8, 20246 min read
Regulatory Compliance

PCI DSS 4.0 Software Security Requirements

PCI DSS 4.0 became mandatory on March 31, 2024, overhauling software security, SBOM visibility, and supply chain controls for every entity that touches cardholder data.

Mar 31, 20245 min read
SBOM & Compliance

SLSA Build L1 to L3 Migration Playbook

Moving from SLSA Build L1 to L3 is less a single upgrade and more a series of hardening steps. Here is the playbook we use with customers, mapped to the v1.0 specification.

Mar 25, 20247 min read
Regulatory Compliance

SOC 2 Meets SSDF: A Practical Mapping

SOC 2 auditors are starting to ask about secure development practices. Here's how to map NIST SSDF tasks onto SOC 2 Trust Services Criteria without duplicating work.

Mar 18, 20246 min read
Compliance

NIST Cybersecurity Framework 2.0: What Changed and Why It Matters

NIST CSF 2.0 introduces a new Govern function and expands supply chain risk management. Here's what security teams need to know.

Feb 26, 20246 min read
Compliance

What Is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework is a voluntary set of standards organized around five (now six) functions — here's what it actually is and how organizations use it.

Feb 20, 20244 min read
Compliance

Supply Chain Incident Notification Laws: A Global Overview

Governments worldwide are mandating supply chain incident disclosure. Here is what organizations need to know about notification requirements across major jurisdictions.

Feb 18, 20246 min read
Best Practices

The Annual Vendor Security Review Cadence

A complete timeline and workflow for running the annual vendor security review cycle, staffed sustainably, with clear deliverables and audit-ready evidence.

Feb 6, 20246 min read
Compliance

SBOMs for Defense Contractors: Aligning with CMMC and DoD Requirements

Defense contractors face unique SBOM challenges. This guide covers CMMC alignment, DFARS clauses, and practical steps to meet DoD software supply chain requirements.

Jan 28, 20246 min read
SBOM

SBOM for Fintech Startups: Compliance and Security from Day One

Fintech startups face intense regulatory scrutiny from the start. SBOMs are not just good practice — they are becoming a regulatory expectation that investors and partners demand.

Jan 28, 20245 min read
Vulnerability Management

Vulnerability SLA Compliance Tracking That Actually Works

Most organizations define vulnerability SLAs and then fail to meet them. The problem is not motivation. It is measurement and process.

Jan 12, 20245 min read
Compliance & Regulations

Federal SBOM Mandate: Compliance Deadlines and What They Mean for Vendors

Federal agencies are tightening SBOM requirements for software suppliers. Here's what vendors need to know about compliance deadlines, attestation requirements, and practical implementation.

Dec 1, 20235 min read
compliance (Page 34) — Safeguard Blog