SSDF Version 1.1
Welcome to the NIST Secure Software Development Framework (SSDF) documentation.
The SSDF organizes security practices into the following high-level groups:
PO: Prepare the Organization
Organizations should ensure that their people, processes, and technology are prepared to perform secure software development at the organization level. Many organizations will find some PO practices to also be applicable to subsets of their software development, like individual development groups or projects.
PS: Protect the Software
Organizations should protect all components of their software from tampering and unauthorized access.
PW: Produce Well-Secured Software
Organizations should produce well-secured software with minimal security vulnerabilities in its releases.
RV: Respond to Vulnerabilities
Organizations should identify residual vulnerabilities in their software releases and respond appropriately to address those vulnerabilities and prevent similar ones from occurring in the future.