Safeguard
Tag

regulatory-compliance

Safeguard articles tagged "regulatory-compliance" — guides, analysis, and best practices for software supply chain and application security.

57 articles

Regulatory Compliance

PCI DSS software composition analysis requirements for pa...

What PCI DSS 4.0.1 actually requires for tracking third-party and open-source code in payment software, and how SBOMs and SCA tooling satisfy it.

Jan 5, 20267 min read
Regulatory Compliance

GLBA Safeguards Rule requirements for software vendor ris...

What the FTC's GLBA Safeguards Rule requires for vendor risk management: contract terms, assessment frequency, and liability when a vendor fails.

Jan 3, 20268 min read
Regulatory Compliance

HIPAA compliance and software composition analysis for he...

HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.

Jan 2, 20267 min read
Regulatory Compliance

NAIC Insurance Data Security Model Law compliance for sof...

What NAIC model law software vendor compliance means for insurtech and SaaS vendors, and how insurer TPRM programs are enforcing it in contracts today.

Dec 31, 20258 min read
Regulatory Compliance

ISO/SAE 21434 compliance for automotive software suppliers

What ISO/SAE 21434 actually requires of automotive software suppliers, why UN R155 makes it mandatory, and how Tier 1s can build compliance into engineering instead of bolting it on.

Dec 29, 20258 min read
Regulatory Compliance

UNECE WP.29 R155 software supply chain requirements for a...

A practical breakdown of UNECE WP.29 R155 compliance: CSMS certification, the SBOM requirement, and type approval cybersecurity rules automakers and suppliers now face.

Dec 29, 20257 min read
Regulatory Compliance

CMMC 2.0 software supply chain security requirements for ...

CMMC 2.0 now folds SBOMs, third-party component risk, and build-pipeline integrity into defense contractor assessments. Here's what's required, when, and how to prove it.

Dec 27, 20257 min read
Regulatory Compliance

NIST 800-171 and software composition analysis for defens...

How NIST 800-171 software composition analysis, DFARS 252.204-7012, and CMMC 2.0 reshape open-source risk management for defense contractors protecting CUI.

Dec 27, 20257 min read
Regulatory Compliance

FCC and CISA guidance on telecom software supply chain se...

FCC telecom software supply chain guidance now overlaps with the Covered List and CISA telecom advisories. Here's what carriers must actually track.

Dec 25, 20257 min read
Regulatory Compliance

PCI DSS 4.0 requirement 6.4.3 for e-commerce third-party ...

PCI DSS 4.0 now mandates strict controls over third-party JavaScript on payment pages. Here's what requirements 6.4.3 and 11.6.1 require and how to comply.

Dec 24, 20258 min read
Regulatory Compliance

NERC CIP-013 compliance and software supply chain risk ma...

NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.

Dec 22, 20258 min read
Regulatory Compliance

TSA pipeline cybersecurity directive and software supply ...

A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.

Dec 21, 20257 min read
regulatory-compliance (Page 4) — Safeguard Blog