Safeguard
Tag

nist

Safeguard articles tagged "nist" — guides, analysis, and best practices for software supply chain and application security.

22 articles

Cloud Security

Common Configuration Scoring System (CCSS) explained

NIST published CCSS in December 2010 to score misconfigurations the way CVSS scores bugs — most cloud teams have never applied it.

Jul 8, 20266 min read
AI Security

NIST SP 800-218A: Operationalizing AI Secure Development in 2026

NIST SP 800-218A turned the SSDF into an AI community profile in July 2024. Eighteen months later, what does real adoption look like for AI software teams?

May 13, 20267 min read
AI Security

CAISI's May 2026 Frontier Model Testing Agreements: Pre-Deployment Evaluation Becomes a Supply-Chain Control

On May 5, 2026, NIST's CAISI signed pre-deployment evaluation agreements with Google DeepMind, Microsoft, and xAI, bringing five frontier labs into a government testing program covering cyber, bio, and chemical risk.

May 6, 202610 min read
Concepts

What Is a Security Control?

A security control is a safeguard that prevents, detects, or responds to threats to reduce risk. Learn the types, categories, and how frameworks organize them.

Apr 9, 20266 min read
Compliance

NIST SP 800-161 Rev. 2 Third-Party Risk 2026

NIST SP 800-161 Rev. 2 reshapes cyber supply chain risk management for federal contractors and commercial buyers. Here is what engineers must operationalize.

Mar 17, 20267 min read
Regulatory Compliance

FedRAMP High Supply Chain Controls in 2026

Rev 5 controls are the operative baseline, and the SR control family is where most FedRAMP High authorizations are now spending their assessor time in 2026.

Mar 14, 20265 min read
Frameworks

NIST AI RMF Cybersecurity Profile (NIST IR 8596 Draft)

NIST released the preliminary draft Cybersecurity Framework Profile for AI (NIST IR 8596) in December 2025, addressing the intersection of AI and cybersecurity from three angles.

Mar 4, 20267 min read
Software Supply Chain Security

Post-Quantum Cryptography Migration for Software Supply Chains

NIST finalized ML-KEM, ML-DSA, and SLH-DSA in 2024. Here's what it means for Sigstore, package registry signing, TLS, and the harvest-now-decrypt-later problem.

Feb 28, 20267 min read
Compliance

What is a Security Risk Assessment

A security risk assessment ranks real business risk, not raw CVE counts. Here's what it involves, how often it's required, and how it differs from scanning.

Feb 25, 20266 min read
Compliance

NIST SSDF Audit: What Auditors Actually Check

A practical walkthrough of what NIST Secure Software Development Framework audits look like in 2026, where evidence gaps show up, and how to prepare without burning out engineering.

Feb 18, 20266 min read
Compliance

NIST SP 800-218A: SSDF Practices for Generative AI Models

NIST finalized SP 800-218A on July 26, 2024, augmenting the Secure Software Development Framework with practices specific to generative AI and dual-use foundation models.

Feb 10, 20256 min read
Regulatory Compliance

NIST CSF 2.0 Rollout: Field Observations

NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.

Nov 22, 20246 min read
nist — Safeguard Blog