federal-compliance
Safeguard articles tagged "federal-compliance" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Federal AST mandate M-22-09 explained
OMB's M-22-09 forces federal agencies to run continuous application security testing under zero trust. Here's what changed, and how Safeguard compares to Checkmarx.
Software supply chain compliance for federal contractors
CMMC 2.0, OMB M-22-18, and SBOM mandates now hit federal contractors with overlapping deadlines and evidence demands — here's what's actually required.
What is the NIST Secure Software Development Framework (SSDF)
NIST SSDF (SP 800-218) explained: its four practice groups, the EO 14028 origin, federal attestation deadlines, and how it differs from SLSA and SP 800-53.
SBOM requirements under DoD software supply chain risk ma...
A practical breakdown of DoD SBOM requirements — where they came from, how Software Fast Track enforces them, and what happens when contractors can't produce one.
How to Meet EO 14028 Self-Attestation Requirements Step by Step
The CISA attestation form is final and the deadlines are real. Here is the step-by-step path: scope, SSDF evidence, POA&Ms, and RSAA submission.
CISA Secure Software Development Attestation: What Vendors Must Know
CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.
Government Contractor SBOM Compliance: Meeting Federal Requirements
Federal agencies are mandating SBOMs from their software suppliers. If you sell software to the government, here's what compliance looks like.
CISA Self-Attestation Form: What Software Producers Need to Know
OMB M-22-18 requires software producers selling to the federal government to self-attest to secure development practices. Here's what's required.
Executive Order 14028: What It Means for Software Supply Chain Security
President Biden's Executive Order 14028 redefined how the federal government approaches cybersecurity. Here's what every software vendor needs to know.