federal
Safeguard articles tagged "federal" — guides, analysis, and best practices for software supply chain and application security.
13 articles
SBOMs and Executive Order 14028: how a 2021 order reshaped software supply chain policy
Executive Order 14028 made the software bill of materials a matter of federal policy. Here's the story of how it happened, what it requires, and what it means for you in 2026.
EO 14028 producer self-attestation: where the CISA Form sits in 2026
The CISA Secure Software Development Attestation Form went live in March 2024. Two years and several revisions later, here is what producers actually have to attest, and where the common gotchas are.
EO 14144 to EO 14306: How the Federal Software Mandate Evolved
EO 14144 set ambitious supply chain rules for federal software in January 2025. EO 14306 in June reshaped them. Here is what survived, what changed, and what to plan for.
FedRAMP 20x Phase Two: What Moderate Pilots Are Teaching Us
FedRAMP 20x Phase Two is running Moderate-baseline pilots through Q2 2026. We walk through KSIs, machine-readable OSCAL, and the path to wide-scale adoption.
Federal Software Procurement and SBOM Requirements: A Vendor's Playbook
If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.
Federal Agency FedRAMP Evidence Pack in 30 Days
An anonymized look at how a US federal civilian agency assembled a complete FedRAMP High supply chain evidence pack in 30 days using Safeguard.
CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know
CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.
EO 14028 Two Years In: What Actually Shipped
A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.
DHS Software Assurance Guidance: A Review
CISA and DHS's October 2025 software assurance guidance refines federal expectations on SBOMs, attestation, and secure-by-design, and signals what is next.
FedRAMP Meets STIG: Practical Mapping
FedRAMP wants NIST 800-53 Rev 5 controls. DISA STIGs want hardening settings. The mapping between them is what determines whether your authorization package actually clears review.
Federal SBOM Mandate: Compliance Deadlines and What They Mean for Vendors
Federal agencies are tightening SBOM requirements for software suppliers. Here's what vendors need to know about compliance deadlines, attestation requirements, and practical implementation.
Executive Order 14028 at the Two-Year Mark
Two years after Executive Order 14028 on federal cybersecurity, the operational impact is clearer. What actually changed, what stalled, and what is coming in year three.