U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Computer Security Resource Center

Computer Security Resource Center

Projects Secure Software Development Framework

Secure Software Development Framework SSDF

News and Updates

SSDF v1.1: Draft SP 800-218 Available for Comment
September 30, 2021
Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.
SSDF: Mitigating Risk of Software Vulnerabilities
April 23, 2020
NIST has published "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," a new NIST Cybersecurity White Paper.
Draft White Paper on SSDF
June 11, 2019
A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.

Additional Pages

References

Contacts

SSDF Inquiries
ssdf@nist.gov

Topics

Security and Privacy: systems security engineering, vulnerability management

Technologies: software & firmware

Laws and Regulations: Executive Order 14028

Created February 25, 2021, Updated February 03, 2022