nist-ssdf
Safeguard articles tagged "nist-ssdf" — guides, analysis, and best practices for software supply chain and application security.
16 articles
NIST SSDF FAQ: SP 800-218, the Four Practice Groups, and Attestation
A precise FAQ on the NIST Secure Software Development Framework in 2026 — the four practice groups, the CISA self-attestation form, EO 14028 lineage, the AI augmentation, and the evidence behind it.
The NIST Secure Software Development Framework (SSDF), explained
NIST SP 800-218 is the framework behind federal secure-development attestations. Here's what its four practice groups ask of you and how to produce the evidence.
What Is a Secure SDLC (Secure Software Development Lifecycle)?
A Secure SDLC embeds security activities into every phase of software development — from planning to production — instead of bolting a security review on at the end. Here's what each phase looks like and how to build one.
Software Supply Chain Security for Government
Executive Order 14028, OMB self-attestation, the CISA attestation form, NIST SSDF, and FedRAMP have made secure software development a condition of selling to government. Here is what agencies and their vendors need.
Web Application Security Standards overview
A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.
ISO 27001 and NIST Framework Alignment for Supply Chain V...
How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.
NIST Secure Software Development Framework (SSDF) explained
NIST SP 800-218's 42 practices now back federal attestation law. Here's what SSDF actually requires, who must comply, and how it differs from SLSA and SOC 2.
Executive Order 14028 and software supply chain security
EO 14028 forces federal software vendors to produce SBOMs and attest to NIST's SSDF. Here's what it requires, key deadlines, and how to prove compliance.
Application Security Maturity Models
OWASP SAMM, BSIMM, and NIST SSDF explained: what maturity levels really measure, which framework fits your org, and why federal attestation rules now force the question.
What is a Secure SDLC (Software Development Life Cycle)
A secure SDLC embeds security into every dev phase, not just the end. Learn the model, frameworks, and pitfalls — with real breach examples.
The Complete SBOM Compliance Guide for 2026
Everything you need to know about SBOM requirements under EO 14028, NIST SSDF, and emerging global regulations.
NIST SSDF 1.2 Draft: What the Comment Period Revealed
NIST opened public comment on SP 800-218r1 SSDF v1.2 on December 17, 2025. The draft adds AI development practices, refines supply-chain controls, and aligns with EO 14306.