SSDF Version 1.2
Welcome to the NIST Secure Software Development Framework (SSDF) documentation.
The SSDF organizes security practices into the following high-level groups:
PO: Prepare the Organization
Organizations should ensure that their people, processes, and technology are prepared to perform secure software development at the organization level.
PS: Protect the Software
Organizations should protect all components of their software from tampering and unauthorized access.
PW: Produce Well-Secured Software
Organizations should produce well-secured software with minimal security vulnerabilities in its releases.
RV: Respond to Vulnerabilities
Organizations should identify residual vulnerabilities in their software releases and respond appropriately to address those vulnerabilities and prevent similar ones from occurring in the future.