Safeguard
Tag

nist-ssdf

Safeguard articles tagged "nist-ssdf" — guides, analysis, and best practices for software supply chain and application security.

16 articles

FAQ

NIST SSDF FAQ: SP 800-218, the Four Practice Groups, and Attestation

A precise FAQ on the NIST Secure Software Development Framework in 2026 — the four practice groups, the CISA self-attestation form, EO 14028 lineage, the AI augmentation, and the evidence behind it.

Jul 7, 20266 min read
Compliance

The NIST Secure Software Development Framework (SSDF), explained

NIST SP 800-218 is the framework behind federal secure-development attestations. Here's what its four practice groups ask of you and how to produce the evidence.

Jul 5, 20265 min read
Concepts

What Is a Secure SDLC (Secure Software Development Lifecycle)?

A Secure SDLC embeds security activities into every phase of software development — from planning to production — instead of bolting a security review on at the end. Here's what each phase looks like and how to build one.

Jul 4, 20266 min read
Solutions

Software Supply Chain Security for Government

Executive Order 14028, OMB self-attestation, the CISA attestation form, NIST SSDF, and FedRAMP have made secure software development a condition of selling to government. Here is what agencies and their vendors need.

Jul 3, 20265 min read
Application Security

Web Application Security Standards overview

A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.

Jun 20, 20267 min read
Compliance

ISO 27001 and NIST Framework Alignment for Supply Chain V...

How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.

Jun 6, 20267 min read
Compliance

NIST Secure Software Development Framework (SSDF) explained

NIST SP 800-218's 42 practices now back federal attestation law. Here's what SSDF actually requires, who must comply, and how it differs from SLSA and SOC 2.

May 11, 20265 min read
Compliance

Executive Order 14028 and software supply chain security

EO 14028 forces federal software vendors to produce SBOMs and attest to NIST's SSDF. Here's what it requires, key deadlines, and how to prove compliance.

May 11, 20268 min read
Application Security

Application Security Maturity Models

OWASP SAMM, BSIMM, and NIST SSDF explained: what maturity levels really measure, which framework fits your org, and why federal attestation rules now force the question.

Apr 11, 20268 min read
DevSecOps

What is a Secure SDLC (Software Development Life Cycle)

A secure SDLC embeds security into every dev phase, not just the end. Learn the model, frameworks, and pitfalls — with real breach examples.

Apr 6, 20267 min read
Compliance

The Complete SBOM Compliance Guide for 2026

Everything you need to know about SBOM requirements under EO 14028, NIST SSDF, and emerging global regulations.

Mar 15, 20263 min read
Standards

NIST SSDF 1.2 Draft: What the Comment Period Revealed

NIST opened public comment on SP 800-218r1 SSDF v1.2 on December 17, 2025. The draft adds AI development practices, refines supply-chain controls, and aligns with EO 14306.

Feb 26, 20267 min read
nist-ssdf — Safeguard Blog