Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Compliance & Regulations

The SBOM Maturity Model: A Practical Roadmap for Enterprise Adoption

Most organizations are still at SBOM Level 0. Here's a five-level maturity model to guide your journey from no SBOMs to full supply chain transparency.

Oct 20, 20226 min read
Compliance

SOX Compliance in Software Development: The Supply Chain Angle

Sarbanes-Oxley requirements for internal controls extend into software development and supply chain integrity. Here's the connection most teams miss.

Sep 18, 20226 min read
Compliance

Software Transparency and the EU Cyber Resilience Act

The EU Cyber Resilience Act is rewriting the rules for software sold in Europe. Mandatory vulnerability handling, SBOM requirements, and security-by-design obligations are coming for every vendor.

Sep 15, 20228 min read
Regulatory Compliance

SLSA vs SSDF vs S2C2F: Framework Comparison

Three supply chain integrity frameworks. Three different authors. Three different audiences. A practical comparison of SLSA, NIST SSDF, and Microsoft S2C2F for teams picking one.

Aug 30, 20227 min read
Supply Chain Security

Supply Chain Security for Government Agencies

Government agencies face unique software supply chain threats. Here's how federal and state organizations can protect critical infrastructure from compromise.

Aug 18, 20226 min read
Compliance & Regulations

NIST CSF Updates Put Supply Chain Risk Management Front and Center

NIST's 2022 updates to the Cybersecurity Framework signal a major shift: supply chain risk management is no longer optional — it's a core pillar.

Jul 15, 20225 min read
Compliance & Regulations

CISA SBOM Guidance: What Government Agencies Need to Know

CISA's evolving SBOM requirements are reshaping how government agencies procure and manage software. Here's what the guidance says and how to operationalize it.

May 10, 20225 min read
Compliance & Regulations

NIST SP 800-218 (SSDF) Final Publication: What It Means for Your Organization

NIST finalized the Secure Software Development Framework in February 2022. If you sell software to the US government — or plan to — compliance is no longer optional.

May 5, 20225 min read
DevSecOps

CI/CD Pipeline Audit Logging: What to Capture and Why

Your CI/CD pipeline is a high-value target. Without proper audit logging, you will not know when it has been compromised until it is too late.

Apr 28, 20226 min read
Compliance & Regulations

SBOM Formats Compared: CycloneDX vs SPDX in 2022

Two SBOM standards are competing for adoption. CycloneDX and SPDX take fundamentally different approaches to describing software components. Here's what matters when choosing between them.

Feb 5, 20225 min read
Compliance & Regulations

CISA Known Exploited Vulnerabilities Catalog Launched

CISA's KEV catalog changes vulnerability management from theoretical risk to confirmed exploitation. Here's what it means and how to use it for prioritization.

Dec 20, 20215 min read
Compliance & Regulations

NTIA SBOM Minimum Elements: What Your SBOM Actually Needs to Contain

The NTIA published its minimum elements for SBOMs in July 2021. Here's a practical breakdown of what's required, what's optional, and where most organizations fall short.

Nov 10, 20218 min read
compliance (Page 36) — Safeguard Blog