NIST-800-171
Safeguard articles tagged "NIST-800-171" — guides, analysis, and best practices for software supply chain and application security.
15 articles
Software Supply Chain Security for Defense
CMMC 2.0, NIST SP 800-171, DFARS clauses, and the DoD's push toward SBOM-backed software authorization have raised the bar for the defense industrial base. Here is what contractors need, including in air-gapped enclaves.
CMMC 2.0 Explained: What Defense Contractors and Their Software Must Do
CMMC 2.0 turns NIST SP 800-171 into a certification requirement for the defense supply chain. Here's how the three levels work, who assesses them, and where your software components fit.
Software supply chain compliance for federal contractors
CMMC 2.0, OMB M-22-18, and SBOM mandates now hit federal contractors with overlapping deadlines and evidence demands — here's what's actually required.
CMMC compliance for software vendors
CMMC 2.0 is now contractually mandatory across the DoD supply chain. Here's what software vendors must know about levels, deadlines, costs, and SBOMs.
CMMC 2.0 compliance for containerized workloads
CMMC 2.0 enforcement is phasing in through 2028. Hardened container images help, but 35+ of 110 NIST 800-171 controls need continuous evidence Chainguard's approach doesn't cover.
CMMC 2.0 Final Rule Preparation in 2026
The CMMC final rule took effect in December 2024 and rolling contract clauses began appearing in 2025. Here is what contractors should be doing right now in 2026.
CMMC compliance levels for defense contractors
CMMC's three levels are now law for defense contractors. Here's what Level 1, 2, and 3 require, when they hit your contracts, and where tools like Vanta fall short.
CMMC Level 3 Software Supply Chain Checklist 2026
A senior engineer's CMMC Level 3 checklist focused on software supply chain: SBOM, SC-SR controls, SSP evidence, and the operational gaps most defense contractors still have.
CMMC vs NIST 800-171: key differences
CMMC and NIST 800-171 aren't the same thing. We break down the differences, where control families overlap, and how supply chain evidence fits into assessment.
NIST 800-171 and software composition analysis for defens...
How NIST 800-171 software composition analysis, DFARS 252.204-7012, and CMMC 2.0 reshape open-source risk management for defense contractors protecting CUI.
CMMC 32 CFR Part 170: The Program Rule and the Four Phases
DoD's CMMC program rule became effective December 16, 2024 with a four-phase rollout running through November 2028. The companion DFARS rule landed September 10, 2025.
NIST 800-171 Rev. 3 and the DoD Class Deviation: Stuck on Rev. 2
NIST published 800-171 Rev. 3 on May 14, 2024. Twelve days earlier, DoD froze DFARS 7012 to Rev. 2 via Class Deviation 2024-O0013.