Date Published: June 11, 2019
Comments Due: August 5, 2019 (public comment period is CLOSED)
Email Questions to: ssdf@nist.gov
This white paper recommends a core set of high-level secure software development practices, called a secure software development framework (SSDF), to be added to each software development life cycle (SDLC) implementation.
The paper facilitates communications about secure software development practices amongst business owners, software developers, and cybersecurity professionals within an organization. Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. Software consumers can reuse and adapt the practices in their software acquisition processes.
Access Control; Awareness and Training; Contingency Planning; Program Management; Personnel Security; System and Information Integrity
Publication:
SSDF Draft
Supplemental Material:
None available
Document History:
06/11/19: White Paper (Draft)
04/23/20: White Paper (Final)
Security and Privacy
acquisition; digital signatures; encryption; risk management; systems security engineering
Technologies
software & firmware
Applications
cybersecurity framework
Laws and Regulations
Executive Order 13636; Executive Order 13800