Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Regulatory Compliance

Executive Order 14028 at the Two-Year Mark

Two years after Executive Order 14028 on federal cybersecurity, the operational impact is clearer. What actually changed, what stalled, and what is coming in year three.

Nov 5, 20236 min read
Compliance

CMMC 2.0 and Software Supply Chain Security: A Practical Guide

CMMC 2.0 is reshaping defense contracting requirements. Here's how software supply chain security maps to the new maturity model.

Nov 5, 20236 min read
Compliance & Regulations

CISA's Secure by Default: Shifting Responsibility to Software Manufacturers

CISA's Secure by Design guidance pushes software vendors to ship secure defaults and take ownership of customer security outcomes, fundamentally changing the security responsibility model.

Nov 1, 20235 min read
Vulnerability Management

Vulnerability Remediation SLAs: Best Practices for Real Teams

Setting vulnerability remediation deadlines is easy. Actually meeting them is hard. This guide covers practical SLA frameworks that balance security urgency with engineering reality.

Aug 15, 20238 min read
SBOM & Compliance

How to Structure an SBOM Review Process

Build a repeatable SBOM review workflow that catches license risks, stale dependencies, and unexpected components before they ship to customers.

Jul 18, 20235 min read
Compliance & Regulations

EU Cyber Resilience Act: Impact on Software Developers and Open Source

The EU's Cyber Resilience Act will impose mandatory cybersecurity requirements on all software sold in Europe. Here's what developers need to know.

Jun 5, 20236 min read
Industry Guides

Legal Tech Software Security and Compliance Considerations

Law firms and legal tech companies handle privileged data through increasingly complex software. Here's how to manage the software supply chain risk.

May 25, 20237 min read
Regulatory Compliance

NIST SSDF v1.1: Practical Adoption Notes

NIST SP 800-218 became the de facto baseline for federal software attestation in 2023. Here is how to adopt SSDF v1.1 without drowning in paperwork.

May 15, 20235 min read
Industry Guides

SBOM Requirements for Financial Services: What You Need to Know

Financial regulators are tightening software transparency requirements. Here's what banks, fintechs, and financial institutions need to know about SBOMs.

May 10, 20237 min read
Software Supply Chain Security

SBOMs for SaaS Products: What Customers Are Starting to Demand

SBOMs were originally for on-premises software. Now SaaS customers are asking for them too. Here is what that means and how to respond.

May 8, 20234 min read
Application Security

Sensitive Data Exposure Prevention: Protecting Data at Rest, in Transit, and in Use

Data exposure is not just about encryption. It is about knowing where your sensitive data lives, how it moves, and who can access it at every stage.

Jan 15, 20236 min read
Tool Reviews

FOSSA Review: Open Source License Compliance at Enterprise Scale

A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.

Dec 8, 20226 min read
compliance (Page 35) — Safeguard Blog