Regulatory Compliance
State and Local Government SBOM Mandates
States and cities are adopting SBOM requirements faster than most vendors have noticed. A survey of where the mandates sit and what they actually require.
Oct 15, 20247 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
States and cities are adopting SBOM requirements faster than most vendors have noticed. A survey of where the mandates sit and what they actually require.
A tour through the attestations, self-certifications, and supply chain obligations that now shape how governments buy software.
PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.
The FDA's cybersecurity guidance has quietly turned into one of the most consequential supply chain regulations in US software. A walkthrough for engineering teams shipping connected medical products.
CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.
The UK NCSC expanded its supply chain guidance in 2023-2024, aligning with the Cyber Security and Resilience Bill and pushing SBOMs, vendor assurance, and provenance controls.
Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.
How DO-326A and DO-356A reframe airworthiness security around the supply chain, and what engineering teams must deliver to survive certification.
Where the DoD Zero Trust Reference Architecture meets the software supply chain, and what program offices are actually doing about it.
Weekly insights on software supply chain security, delivered to your inbox.