DevSecOps

NIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.

    Posted Sep 30, 2021 02:06:00 PM
    Hi All,

    NIST just published for Comment | NIST's Secure Software Development Framework (SSDF) Version 1.1

    NIST is seeking comments by November 5, 2021, on a new draft document, NIST Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. NIST used inputs from the public and its June 2021 workshop to shape SSDF version 1.1 in support of NIST's responsibilities under Executive Order (EO) 14028.

    Draft SP 800-218 recommends a set of high-level secure software development practices called the SSDF that can be used for all software development. Following these practices helps software producers ensure that the software they develop is well secured. Draft SP 800-218 also maps EO 14028 clauses to the SSDF practices and tasks that help address each clause. Additionally, the SSDF provides a common secure software development vocabulary for software purchasers and consumers.



    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------