compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
Executive Order 14028 at the Two-Year Mark
Two years after Executive Order 14028 on federal cybersecurity, the operational impact is clearer. What actually changed, what stalled, and what is coming in year three.
CMMC 2.0 and Software Supply Chain Security: A Practical Guide
CMMC 2.0 is reshaping defense contracting requirements. Here's how software supply chain security maps to the new maturity model.
CISA's Secure by Default: Shifting Responsibility to Software Manufacturers
CISA's Secure by Design guidance pushes software vendors to ship secure defaults and take ownership of customer security outcomes, fundamentally changing the security responsibility model.
Vulnerability Remediation SLAs: Best Practices for Real Teams
Setting vulnerability remediation deadlines is easy. Actually meeting them is hard. This guide covers practical SLA frameworks that balance security urgency with engineering reality.
How to Structure an SBOM Review Process
Build a repeatable SBOM review workflow that catches license risks, stale dependencies, and unexpected components before they ship to customers.
EU Cyber Resilience Act: Impact on Software Developers and Open Source
The EU's Cyber Resilience Act will impose mandatory cybersecurity requirements on all software sold in Europe. Here's what developers need to know.
Legal Tech Software Security and Compliance Considerations
Law firms and legal tech companies handle privileged data through increasingly complex software. Here's how to manage the software supply chain risk.
NIST SSDF v1.1: Practical Adoption Notes
NIST SP 800-218 became the de facto baseline for federal software attestation in 2023. Here is how to adopt SSDF v1.1 without drowning in paperwork.
SBOM Requirements for Financial Services: What You Need to Know
Financial regulators are tightening software transparency requirements. Here's what banks, fintechs, and financial institutions need to know about SBOMs.
SBOMs for SaaS Products: What Customers Are Starting to Demand
SBOMs were originally for on-premises software. Now SaaS customers are asking for them too. Here is what that means and how to respond.
Sensitive Data Exposure Prevention: Protecting Data at Rest, in Transit, and in Use
Data exposure is not just about encryption. It is about knowing where your sensitive data lives, how it moves, and who can access it at every stage.
FOSSA Review: Open Source License Compliance at Enterprise Scale
A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.