NOW Open for Comment | NIST’s Secure Software Development Framework (SSDF) Version 1.1
NIST is seeking comments by November 5, 2021 on a new draft document, NIST Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. NIST used inputs from the public and its June 2021 workshop to shape SSDF version 1.1 in support of NIST's responsibilities under Executive Order (EO) 14028.
Draft SP 800-218 recommends a set of high-level secure software development practices called the SSDF that can be used for all software development. Following these practices helps software producers ensure that the software they develop is well secured. Draft SP 800-218 also maps EO 14028 clauses to the SSDF practices and tasks that help address each clause. Additionally, the SSDF provides a common secure software development vocabulary for software purchasers and consumers.
Please visit this page for details about how to submit comments and email us at ssdf@nist.gov with any questions.
NIST Cybersecurity and Privacy Program
NIST Computer Security Division (CSD)
Questions/Comments about this notice: ssdf@nist.gov
CSRC Website questions: webmaster-csrc@nist.gov
|
