fedramp
Safeguard articles tagged "fedramp" — guides, analysis, and best practices for software supply chain and application security.
44 articles
Multi-Tenant Isolation for FedRAMP HIGH
How Safeguard achieves hard multi-tenant isolation in a platform that meets FedRAMP HIGH — the boundaries, the proofs, and the trade-offs we accepted.
Federal Agency FedRAMP Evidence Pack in 30 Days
An anonymized look at how a US federal civilian agency assembled a complete FedRAMP High supply chain evidence pack in 30 days using Safeguard.
Safeguard Lion 2.0: Multi-Jurisdiction Compliance
Lion 2.0 is Safeguard's compliance model. The 2.0 release adds multi-jurisdiction mapping, control-level evidence, and a new export for audit packages.
FedRAMP 20x Phase One: 13 of 26 Pilot Reviews Completed
GSA announced FedRAMP 20x on March 24, 2025. By the end of Phase One in late September, FedRAMP had received 26 submissions and completed 13 reviews.
NIST SP 800-53 Release 5.2.0: Three New Controls You Cannot Ignore
NIST released SP 800-53 5.2.0 on August 27, 2025 with three new controls focused on patch root-cause analysis, structured logging, and cyber resiliency. Here is what it means for compliance teams.
FedRAMP 20x KSIs: Compliance as Machine-Readable Evidence
FedRAMP 20x, launched March 2025, replaces document-heavy authorization with 56-61 Key Security Indicators submitted as OSCAL. Here is what cloud providers must actually automate.
FedRAMP Continuous Monitoring Automation Playbook
FedRAMP 20x demands real-time ConMon. Here's how to automate monthly POA&M, vulnerability deviation, and SBOM attestation without a 20-person team.
FedRAMP Meets STIG: Practical Mapping
FedRAMP wants NIST 800-53 Rev 5 controls. DISA STIGs want hardening settings. The mapping between them is what determines whether your authorization package actually clears review.