Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

FAQ

EU Cyber Resilience Act FAQ: Timelines, SBOMs, and Reporting Duties

A precise FAQ on the EU Cyber Resilience Act in 2026 — what it covers, the phased 2026 and 2027 deadlines, the SBOM requirement, 24-hour vulnerability reporting, risk classes, and penalties.

Jul 3, 20266 min read
Compliance

FedRAMP and the software supply chain: a 2026 guide

FedRAMP authorization increasingly hinges on how you secure your software supply chain. Here's how the SR control family, SBOMs, and SSDF attestation fit together.

Jul 3, 20265 min read
Compliance

ISO 27001 Annex A controls guide: the software and supplier set

ISO/IEC 27001:2022 restructured Annex A into 93 controls and added new ones for secure development and supply chain. Here is the subset that lands on engineering teams and how to evidence it.

Jul 3, 20266 min read
Concepts

Understanding SBOM Formats

A software bill of materials is only useful if tools can read it. Two standards dominate — SPDX and CycloneDX — and knowing what each captures, how they differ, and when to use which is the difference between an inventory that works and one that gathers dust.

Jul 3, 20266 min read
Compliance

HIPAA compliance for developers: securing the software supply chain

HIPAA does not name your open source dependencies, but its Security Rule holds you responsible for them. Here's what developers building health-tech actually need to do.

Jul 2, 20266 min read
FAQ

FedRAMP Compliance FAQ: Baselines, 3PAOs, ConMon, and FedRAMP 20x

A precise FAQ on FedRAMP in 2026 — impact baselines, NIST 800-53 controls, the agency authorization path, continuous monitoring, DoD Impact Levels, and the FedRAMP 20x modernization.

Jul 2, 20266 min read
Compliance

GDPR for software developers: privacy by design in practice

GDPR is not just a legal team's problem. Data protection by design, security of processing, and processor due diligence all translate into code, dependencies, and architecture. Here is the developer's view.

Jul 2, 20266 min read
Compliance

PCI DSS 4.0 for developers: a practical secure-coding guide

PCI DSS 4.0 moved secure development from an annual review to a continuous engineering practice. Here's what Requirement 6 means for developers writing and shipping code.

Jul 2, 20265 min read
Compliance

PCI DSS 4.0 Requirement 6: the software security guide

Requirement 6 is where PCI DSS 4.0 turned application and software security into a continuous, evidenced discipline. Here is a clause-by-clause walkthrough of 6.2 through 6.5 and what auditors expect.

Jul 2, 20266 min read
Concepts

What Is the BSD License? 2-Clause vs 3-Clause Explained

The BSD licenses are a family of short, permissive licenses. This guide explains the 2-clause and 3-clause variants, what each permits, and what they mean for compliance.

Jul 2, 20266 min read
Concepts

What Is the GPL License? Copyleft Explained

The GNU General Public License is the best-known copyleft license. This guide explains what it permits, its source-disclosure obligations, GPLv2 vs GPLv3, and what it means for your project.

Jul 2, 20267 min read
Buyer's Guides

Best CSPM Tools in 2026: An Honest Buyer's Guide

A balanced comparison of the best CSPM tools in 2026 — Wiz, Prisma Cloud, Microsoft Defender for Cloud, Orca, Tenable Cloud Security, and AWS Security Hub — with honest tradeoffs and where shift-left IaC scanning from Safeguard fits.

Jul 1, 20266 min read
compliance (Page 4) — Safeguard Blog