
8/06/2025
ANSI encourages relevant stakeholders to respond to newly released draft guidelines from the National Institute of Standards and Technology (NIST) aimed at helping organizations develop software in a secure, agile fashion and test for security vulnerabilities: NIST Special Publication (SP) 1800-44, Secure Software Development, Security, and Operations (DevSecOps) Practices.
The high-level implementation guidelines are being developed by a NIST consortium including National Cybersecurity Center of Excellence (NCCoE) computer security experts and 14 industry partners—including ANSI members—in response to a June 2025 executive order to strengthen the nation’s cybersecurity. They are based on NIST's Secure Software Development Framework (SSDF), which provides fundamental secure software development practices derived from established guidance documents from organizations including the Business Software Alliance, the Open Worldwide Application Security Project (OWASP), and SAFECode.
“The SSDF looks at building software holistically, helping organizations figure out what needs to be done to make their development environment more secure, how to protect it and find deficiencies that make it vulnerable,” said NCCoE’s Alper Kerman, SP 1800-44 co-author. “The draft guidelines we are developing will show how organizations can use commercial, off-the-shelf technologies and AI capabilities and apply zero trust principles and methodologies to create an efficient and secure development environment for producing fast and more reliable software.”
NIST reports that following the SSDF practices—which will be updated periodically to reflect input—should help software producers reduce the number of vulnerabilities in released software, reduce the potential impact of exploiting undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent recurrences.
Comments on SP 1800-44 are requested by September 12. See NIST’s news item for details.
Get involved: Organizations interested in contributing to the development of the draft guidelines can join NIST’s virtual event at 1 p.m. ET on August 27 to learn more about the project’s goals, as well as offer feedback and additional insight for the project. Registration for the event is available online. NIST also invites the public to join its Community of Interest, with participation open to all interested organizations. For more information, write to [email protected].