Safeguard
Tag

federal

Safeguard articles tagged "federal" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Compliance

SBOMs and Executive Order 14028: how a 2021 order reshaped software supply chain policy

Executive Order 14028 made the software bill of materials a matter of federal policy. Here's the story of how it happened, what it requires, and what it means for you in 2026.

Jul 4, 20265 min read
Compliance

EO 14028 producer self-attestation: where the CISA Form sits in 2026

The CISA Secure Software Development Attestation Form went live in March 2024. Two years and several revisions later, here is what producers actually have to attest, and where the common gotchas are.

May 14, 20268 min read
Compliance

EO 14144 to EO 14306: How the Federal Software Mandate Evolved

EO 14144 set ambitious supply chain rules for federal software in January 2025. EO 14306 in June reshaped them. Here is what survived, what changed, and what to plan for.

May 6, 20266 min read
Compliance

FedRAMP 20x Phase Two: What Moderate Pilots Are Teaching Us

FedRAMP 20x Phase Two is running Moderate-baseline pilots through Q2 2026. We walk through KSIs, machine-readable OSCAL, and the path to wide-scale adoption.

Apr 22, 20266 min read
Compliance

Federal Software Procurement and SBOM Requirements: A Vendor's Playbook

If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.

Feb 22, 20266 min read
Case Studies

Federal Agency FedRAMP Evidence Pack in 30 Days

An anonymized look at how a US federal civilian agency assembled a complete FedRAMP High supply chain evidence pack in 30 days using Safeguard.

Feb 5, 20267 min read
Compliance

CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know

CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.

Jan 25, 20266 min read
Compliance

EO 14028 Two Years In: What Actually Shipped

A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.

Jan 14, 20267 min read
Regulatory Compliance

DHS Software Assurance Guidance: A Review

CISA and DHS's October 2025 software assurance guidance refines federal expectations on SBOMs, attestation, and secure-by-design, and signals what is next.

Oct 28, 20254 min read
Regulatory Compliance

FedRAMP Meets STIG: Practical Mapping

FedRAMP wants NIST 800-53 Rev 5 controls. DISA STIGs want hardening settings. The mapping between them is what determines whether your authorization package actually clears review.

Oct 18, 20246 min read
Compliance & Regulations

Federal SBOM Mandate: Compliance Deadlines and What They Mean for Vendors

Federal agencies are tightening SBOM requirements for software suppliers. Here's what vendors need to know about compliance deadlines, attestation requirements, and practical implementation.

Dec 1, 20235 min read
Regulatory Compliance

Executive Order 14028 at the Two-Year Mark

Two years after Executive Order 14028 on federal cybersecurity, the operational impact is clearer. What actually changed, what stalled, and what is coming in year three.

Nov 5, 20236 min read
federal — Safeguard Blog