Safeguard
Tag

federal-compliance

Safeguard articles tagged "federal-compliance" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Compliance

Federal AST mandate M-22-09 explained

OMB's M-22-09 forces federal agencies to run continuous application security testing under zero trust. Here's what changed, and how Safeguard compares to Checkmarx.

Jun 25, 20267 min read
Compliance

Software supply chain compliance for federal contractors

CMMC 2.0, OMB M-22-18, and SBOM mandates now hit federal contractors with overlapping deadlines and evidence demands — here's what's actually required.

May 8, 20267 min read
Compliance

What is the NIST Secure Software Development Framework (SSDF)

NIST SSDF (SP 800-218) explained: its four practice groups, the EO 14028 origin, federal attestation deadlines, and how it differs from SLSA and SP 800-53.

Feb 26, 20266 min read
SBOM & Compliance

SBOM requirements under DoD software supply chain risk ma...

A practical breakdown of DoD SBOM requirements — where they came from, how Software Fast Track enforces them, and what happens when contractors can't produce one.

Dec 27, 20257 min read
Guides

How to Meet EO 14028 Self-Attestation Requirements Step by Step

The CISA attestation form is final and the deadlines are real. Here is the step-by-step path: scope, SSDF evidence, POA&Ms, and RSAA submission.

May 2, 20247 min read
Compliance

CISA Secure Software Development Attestation: What Vendors Must Know

CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.

Mar 11, 20246 min read
Industry Guides

Government Contractor SBOM Compliance: Meeting Federal Requirements

Federal agencies are mandating SBOMs from their software suppliers. If you sell software to the government, here's what compliance looks like.

Feb 8, 20247 min read
Compliance & Regulations

CISA Self-Attestation Form: What Software Producers Need to Know

OMB M-22-18 requires software producers selling to the federal government to self-attest to secure development practices. Here's what's required.

Oct 8, 20226 min read
Compliance & Regulations

Executive Order 14028: What It Means for Software Supply Chain Security

President Biden's Executive Order 14028 redefined how the federal government approaches cybersecurity. Here's what every software vendor needs to know.

May 12, 20215 min read
federal-compliance — Safeguard Blog