NIST SP 800-218, the Secure Software Development Framework (SSDF), provides a set of high-level, fundamental practices designed to integrate security throughout the software development lifecycle (SDLC). The framework is organized into four main categories: Prepare the Organization (establishing security policies, responsibilities, and training), Protect the Software (safeguarding code and development environments from tampering and unauthorized access), Produce Well-Secured Software (embedding security into design, coding, and testing to minimize vulnerabilities), and Respond to Vulnerabilities (identifying, addressing, and learning from security flaws post-release). Rather than prescribing specific tools or methods, the SSDF focuses on desired security outcomes and is adaptable to any organization, technology, or development methodology. It enables organizations to systematically reduce vulnerabilities, enhance software resilience, and meet regulatory or contractual security requirements.
Home / Function (NIST CSF 2.0) / PR - Protect / PS - Platform / AppSec