Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Secure Software Development Framework

Secure Software Development Framework SSDF

News and Updates

Implementing a Risk-Based Approach to DevSecOps: Final Project Description
November 9, 2022
The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.
NCCoE Releases Draft Project Description for DevSecOps
July 21, 2022
The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps. 
RFI | Evaluating and Improving NIST Cybersecurity Resources: CSF and CSCRM
February 22, 2022
NIST is seeking information to assist in evaluating and improving its cybersecurity resources—including the widely-used NIST Cybersecurity Framework (CSF) and a variety of existing and potential standards, guidelines, and...
NIST Updates the Secure Software Development Framework (SSDF)
February 4, 2022
The SSDF has been updated to version 1.1 in the new release of NIST Special Publication (SP) 800-218.
SSDF v1.1: Draft SP 800-218 Available for Comment
September 30, 2021
Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.
SSDF: Mitigating Risk of Software Vulnerabilities
April 23, 2020
NIST has published "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," a new NIST Cybersecurity White Paper.
Draft White Paper on SSDF
June 11, 2019
A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.

Additional Pages

References

Contacts

SSDF Inquiries
ssdf@nist.gov

Topics

Security and Privacy: systems security engineering, vulnerability management

Technologies: software & firmware

Laws and Regulations: Executive Order 14028

Created February 25, 2021, Updated March 12, 2024