regulatory-compliance
Safeguard articles tagged "regulatory-compliance" — guides, analysis, and best practices for software supply chain and application security.
57 articles
PCI DSS software composition analysis requirements for pa...
What PCI DSS 4.0.1 actually requires for tracking third-party and open-source code in payment software, and how SBOMs and SCA tooling satisfy it.
GLBA Safeguards Rule requirements for software vendor ris...
What the FTC's GLBA Safeguards Rule requires for vendor risk management: contract terms, assessment frequency, and liability when a vendor fails.
HIPAA compliance and software composition analysis for he...
HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.
NAIC Insurance Data Security Model Law compliance for sof...
What NAIC model law software vendor compliance means for insurtech and SaaS vendors, and how insurer TPRM programs are enforcing it in contracts today.
ISO/SAE 21434 compliance for automotive software suppliers
What ISO/SAE 21434 actually requires of automotive software suppliers, why UN R155 makes it mandatory, and how Tier 1s can build compliance into engineering instead of bolting it on.
UNECE WP.29 R155 software supply chain requirements for a...
A practical breakdown of UNECE WP.29 R155 compliance: CSMS certification, the SBOM requirement, and type approval cybersecurity rules automakers and suppliers now face.
CMMC 2.0 software supply chain security requirements for ...
CMMC 2.0 now folds SBOMs, third-party component risk, and build-pipeline integrity into defense contractor assessments. Here's what's required, when, and how to prove it.
NIST 800-171 and software composition analysis for defens...
How NIST 800-171 software composition analysis, DFARS 252.204-7012, and CMMC 2.0 reshape open-source risk management for defense contractors protecting CUI.
FCC and CISA guidance on telecom software supply chain se...
FCC telecom software supply chain guidance now overlaps with the Covered List and CISA telecom advisories. Here's what carriers must actually track.
PCI DSS 4.0 requirement 6.4.3 for e-commerce third-party ...
PCI DSS 4.0 now mandates strict controls over third-party JavaScript on payment pages. Here's what requirements 6.4.3 and 11.6.1 require and how to comply.
NERC CIP-013 compliance and software supply chain risk ma...
NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.
TSA pipeline cybersecurity directive and software supply ...
A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.