Safeguard
Tag

NIST-800-171

Safeguard articles tagged "NIST-800-171" — guides, analysis, and best practices for software supply chain and application security.

15 articles

Solutions

Software Supply Chain Security for Defense

CMMC 2.0, NIST SP 800-171, DFARS clauses, and the DoD's push toward SBOM-backed software authorization have raised the bar for the defense industrial base. Here is what contractors need, including in air-gapped enclaves.

Jul 7, 20266 min read
Compliance

CMMC 2.0 Explained: What Defense Contractors and Their Software Must Do

CMMC 2.0 turns NIST SP 800-171 into a certification requirement for the defense supply chain. Here's how the three levels work, who assesses them, and where your software components fit.

Jul 3, 20266 min read
Compliance

Software supply chain compliance for federal contractors

CMMC 2.0, OMB M-22-18, and SBOM mandates now hit federal contractors with overlapping deadlines and evidence demands — here's what's actually required.

May 8, 20267 min read
Compliance

CMMC compliance for software vendors

CMMC 2.0 is now contractually mandatory across the DoD supply chain. Here's what software vendors must know about levels, deadlines, costs, and SBOMs.

May 7, 20267 min read
Compliance

CMMC 2.0 compliance for containerized workloads

CMMC 2.0 enforcement is phasing in through 2028. Hardened container images help, but 35+ of 110 NIST 800-171 controls need continuous evidence Chainguard's approach doesn't cover.

Mar 31, 20268 min read
Regulatory Compliance

CMMC 2.0 Final Rule Preparation in 2026

The CMMC final rule took effect in December 2024 and rolling contract clauses began appearing in 2025. Here is what contractors should be doing right now in 2026.

Mar 26, 20265 min read
Regulatory Compliance

CMMC compliance levels for defense contractors

CMMC's three levels are now law for defense contractors. Here's what Level 1, 2, and 3 require, when they hit your contracts, and where tools like Vanta fall short.

Mar 19, 20267 min read
Compliance

CMMC Level 3 Software Supply Chain Checklist 2026

A senior engineer's CMMC Level 3 checklist focused on software supply chain: SBOM, SC-SR controls, SSP evidence, and the operational gaps most defense contractors still have.

Mar 14, 20268 min read
Regulatory Compliance

CMMC vs NIST 800-171: key differences

CMMC and NIST 800-171 aren't the same thing. We break down the differences, where control families overlap, and how supply chain evidence fits into assessment.

Mar 13, 20268 min read
Regulatory Compliance

NIST 800-171 and software composition analysis for defens...

How NIST 800-171 software composition analysis, DFARS 252.204-7012, and CMMC 2.0 reshape open-source risk management for defense contractors protecting CUI.

Dec 27, 20257 min read
Compliance

CMMC 32 CFR Part 170: The Program Rule and the Four Phases

DoD's CMMC program rule became effective December 16, 2024 with a four-phase rollout running through November 2028. The companion DFARS rule landed September 10, 2025.

Sep 15, 20256 min read
Compliance

NIST 800-171 Rev. 3 and the DoD Class Deviation: Stuck on Rev. 2

NIST published 800-171 Rev. 3 on May 14, 2024. Twelve days earlier, DoD froze DFARS 7012 to Rev. 2 via Class Deviation 2024-O0013.

May 29, 20256 min read
NIST-800-171 — Safeguard Blog