compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
EU Cyber Resilience Act FAQ: Timelines, SBOMs, and Reporting Duties
A precise FAQ on the EU Cyber Resilience Act in 2026 — what it covers, the phased 2026 and 2027 deadlines, the SBOM requirement, 24-hour vulnerability reporting, risk classes, and penalties.
FedRAMP and the software supply chain: a 2026 guide
FedRAMP authorization increasingly hinges on how you secure your software supply chain. Here's how the SR control family, SBOMs, and SSDF attestation fit together.
ISO 27001 Annex A controls guide: the software and supplier set
ISO/IEC 27001:2022 restructured Annex A into 93 controls and added new ones for secure development and supply chain. Here is the subset that lands on engineering teams and how to evidence it.
Understanding SBOM Formats
A software bill of materials is only useful if tools can read it. Two standards dominate — SPDX and CycloneDX — and knowing what each captures, how they differ, and when to use which is the difference between an inventory that works and one that gathers dust.
HIPAA compliance for developers: securing the software supply chain
HIPAA does not name your open source dependencies, but its Security Rule holds you responsible for them. Here's what developers building health-tech actually need to do.
FedRAMP Compliance FAQ: Baselines, 3PAOs, ConMon, and FedRAMP 20x
A precise FAQ on FedRAMP in 2026 — impact baselines, NIST 800-53 controls, the agency authorization path, continuous monitoring, DoD Impact Levels, and the FedRAMP 20x modernization.
GDPR for software developers: privacy by design in practice
GDPR is not just a legal team's problem. Data protection by design, security of processing, and processor due diligence all translate into code, dependencies, and architecture. Here is the developer's view.
PCI DSS 4.0 for developers: a practical secure-coding guide
PCI DSS 4.0 moved secure development from an annual review to a continuous engineering practice. Here's what Requirement 6 means for developers writing and shipping code.
PCI DSS 4.0 Requirement 6: the software security guide
Requirement 6 is where PCI DSS 4.0 turned application and software security into a continuous, evidenced discipline. Here is a clause-by-clause walkthrough of 6.2 through 6.5 and what auditors expect.
What Is the BSD License? 2-Clause vs 3-Clause Explained
The BSD licenses are a family of short, permissive licenses. This guide explains the 2-clause and 3-clause variants, what each permits, and what they mean for compliance.
What Is the GPL License? Copyleft Explained
The GNU General Public License is the best-known copyleft license. This guide explains what it permits, its source-disclosure obligations, GPLv2 vs GPLv3, and what it means for your project.
Best CSPM Tools in 2026: An Honest Buyer's Guide
A balanced comparison of the best CSPM tools in 2026 — Wiz, Prisma Cloud, Microsoft Defender for Cloud, Orca, Tenable Cloud Security, and AWS Security Hub — with honest tradeoffs and where shift-left IaC scanning from Safeguard fits.