The NIST NCCoE is excited to announce the release of the preliminary draft Volume A of NIST Special Publication (SP) 1800-44, Secure Software Development, Security, and Operations (DevSecOps) Practices, to provide a high-level overview of the guidance NIST is developing to increase the security of software
The NCCoE is collaborating with 14 companies through the Software Supply Chain and DevOps Security Practices Consortium as part of NIST’s response to White House Executive Order (EO) 14306, Sustaining Select Efforts to Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144. As stipulated in the EO, NIST is directed to establish the consortium to develop guidance that demonstrates the implementation of best practices based on NIST’s Secure Software Development Framework (SSDF).
The NCCoE has just released the preliminary public draft Volume A of Secure Software Development, Security, and Operations (DevSecOps) Practices (NIST Special Publication (SP) 1800-44) for public comment. The current version provides a high-level overview of the scope of the project; future guidance will be released to include a detailed reference model and specific implementation guidance for each of the project’s planned use cases.
The NCCoE welcomes public comments on the preliminary draft guidance through September 14, 2025. The project team plans to release additional drafts of the guidance incrementally throughout the project, accompanied by public comment periods. Those interested can also join the NCCoE DevSecOps Community of Interest (COI) to stay up to date and collaborate on the project.
