Safeguard
Tag

defense-contractors

Safeguard articles tagged "defense-contractors" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Regulatory Compliance

CMMC compliance levels for defense contractors

CMMC's three levels are now law for defense contractors. Here's what Level 1, 2, and 3 require, when they hit your contracts, and where tools like Vanta fall short.

Mar 19, 20267 min read
Regulatory Compliance

CMMC 2.0 software supply chain security requirements for ...

CMMC 2.0 now folds SBOMs, third-party component risk, and build-pipeline integrity into defense contractor assessments. Here's what's required, when, and how to prove it.

Dec 27, 20257 min read
Vulnerability Analysis

CVE analysis: nation-state supply chain attacks on defens...

CVE analysis of nation-state supply chain attacks on defense contractors: SolarWinds SUNBURST and Ivanti Connect Secure exploitation, CVSS, KEV, and fixes.

Dec 26, 20258 min read
Compliance

CMMC 32 CFR Part 170: The Program Rule and the Four Phases

DoD's CMMC program rule became effective December 16, 2024 with a four-phase rollout running through November 2028. The companion DFARS rule landed September 10, 2025.

Sep 15, 20256 min read
Compliance

NIST 800-171 Rev. 3 and the DoD Class Deviation: Stuck on Rev. 2

NIST published 800-171 Rev. 3 on May 14, 2024. Twelve days earlier, DoD froze DFARS 7012 to Rev. 2 via Class Deviation 2024-O0013.

May 29, 20256 min read
Compliance

CMMC Level 2 for Software Vendors: A Practical Roadmap

CMMC Level 2 means all 110 NIST SP 800-171 controls, assessed by a C3PAO for most contractors. Here's the scoping, gap-closing, and evidence roadmap for software vendors.

May 3, 20246 min read
defense-contractors — Safeguard Blog