Safeguard
Tag

ssdf

Safeguard articles tagged "ssdf" — guides, analysis, and best practices for software supply chain and application security.

21 articles

Compliance

NIST SP 800-218A: SSDF Practices for Generative AI Models

NIST finalized SP 800-218A on July 26, 2024, augmenting the Secure Software Development Framework with practices specific to generative AI and dual-use foundation models.

Feb 10, 20256 min read
Industry Analysis

MITRE ATT&CK Meets SSDF: A Mapping

ATT&CK describes how adversaries operate; SSDF describes how to build software that resists them. Here's how to map adversary techniques to secure-development tasks so your threat model drives real engineering change.

Dec 18, 20247 min read
Guides

How to Meet EO 14028 Self-Attestation Requirements Step by Step

The CISA attestation form is final and the deadlines are real. Here is the step-by-step path: scope, SSDF evidence, POA&Ms, and RSAA submission.

May 2, 20247 min read
Regulatory Compliance

SOC 2 Meets SSDF: A Practical Mapping

SOC 2 auditors are starting to ask about secure development practices. Here's how to map NIST SSDF tasks onto SOC 2 Trust Services Criteria without duplicating work.

Mar 18, 20246 min read
Regulatory Compliance

NIST SSDF v1.1: Practical Adoption Notes

NIST SP 800-218 became the de facto baseline for federal software attestation in 2023. Here is how to adopt SSDF v1.1 without drowning in paperwork.

May 15, 20235 min read
Compliance & Regulations

CISA Self-Attestation Form: What Software Producers Need to Know

OMB M-22-18 requires software producers selling to the federal government to self-attest to secure development practices. Here's what's required.

Oct 8, 20226 min read
Regulatory Compliance

SLSA vs SSDF vs S2C2F: Framework Comparison

Three supply chain integrity frameworks. Three different authors. Three different audiences. A practical comparison of SLSA, NIST SSDF, and Microsoft S2C2F for teams picking one.

Aug 30, 20227 min read
Compliance & Regulations

NIST SP 800-218 (SSDF) Final Publication: What It Means for Your Organization

NIST finalized the Secure Software Development Framework in February 2022. If you sell software to the US government — or plan to — compliance is no longer optional.

May 5, 20225 min read
Compliance & Regulations

NIST SSDF Framework: A Practical Guide

The Secure Software Development Framework (SSDF) is becoming the baseline for federal software security. Here's what it contains and how to implement it.

Jun 18, 20216 min read
ssdf (Page 2) — Safeguard Blog