
If your organization manages payments, handles sensitive customer or patient data, or operates in a regulated market, you may need to demonstrate compliance with specific standards to maintain customer trust and avoid legal or regulatory penalties.

Build compliance into your SDLC

Synopsys tools and services can integrate software testing into development workflows, focus analyses and remediation on compliance objectives, and report against the software standards that are most important to your business.

Solutions to help meet your compliance needs

Software is a key differentiator for many organizations. But before shipping it to customers, you need to ensure that it meets the coding standards that are important for your business. Synopsys tools, services, and eLearning can help enable compliance with many standards related to software quality, security, safety, and privacy.

Aerospace and defense


DISA-STIG

DISA-STIG refers to the set of technical guidelines that the United States Department of Defense relies on to protect information systems and software from malicious attacks. In regard to application security, these guidelines define how secure software should be developed, integrated, and upgraded in order to comply with these requirements. 

DO-178C

The DO-178 standards were created to ensure the safety, reliability, and effectiveness of software that will be used in airborne systems. DO-178C was introduced to include new processes and techniques that were not included in previous versions of the standard (such as DO-178B), and therefore may be unfamiliar to organizations that have only previously complied with earlier versions.

Automotive


AUTOSAR

The AUTOSAR standards are created and maintained by an alliance of Tier 1 automotive suppliers, semiconductor manufacturers, original equipment manufacturers, and software suppliers. They provide requirements for basic software modules, application interfaces, and development methodologies to help ensure the safety, reliability, and maintainability of software used in the automotive industry.

MISRA

The Motor Industry Software Reliability Association (MISRA) standards are widely adopted coding standards for the C and C++ languages. MISRA provides a comprehensive set of coding guidelines that focus on protecting applications against known safety violations and security vulnerabilities.

ISO 26262

To help address vehicle safety, the International Organization for Standardization (ISO) put forth ISO 26262 in 2011 for road vehicle functional safety. The standard was created to provide guidance to avoid the risk of systematic failures and random hardware failures through feasible requirements and processes.

ISO / SAE 21434

The International Organization for Standardization (ISO) created ISO 21434 to provide a framework for cybersecurity in road vehicle systems. The standard covers every stage of the vehicle life cycle, including design, secure engineering, product development, and decommissioning.

Hyundai Coding Standards

Hyundai-Kia Motor Corp has produced a secure C++ coding standard for automotive development that companies must adhere to if they wish to conduct business with Hyundai.

Financial Services


PCI DSS

PCI DSS is an information security standard for organizations that handle payment cards, including any retailers, financial institutions, point-of-sale vendors, and hardware and software developers that create or operate the infrastructure for processing payments.

Medical devices


FDA Section 524B

Section 524B of the Food and Drug Cosmetic Act describes a set of requirements that medical device manufacturers must follow to monitor, identify, and address cybersecurity vulnerabilities as part of an established cybersecurity risk management program.

Public sector


FedRAMP

The Federal Risk and Authorization Management Program is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 

NIST SP 800-161

This publication provides guidance to federal agencies on identifying, assessing, and mitigating software supply chain risks at all levels of their organizations. 

NIST SP 800-218

SP 800-218 provides a set of recommendations as part of the NIST Secure Software Development Framework to help organizations reduce the likelihood of vulnerabilities in their software, mitigate the impact if vulnerabilities are exploited, and identify the root causes of issues to prevent new vulnerabilities from being introduced.


Let us help you navigate the complex compliance landscape

Synopsys can help you verify and maintain compliance before, during, and after development.

Many Synopsys employees serve or have served as subject matter experts for committees, boards, working groups, programs, and projects related to software quality and security standards, policies, and regulatory guidelines, as well as open source community initiatives.
