Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment
A general US software security standard with no direct AI governance angle - low priority for APS AI practitioners.
Key points
- NIST has released SSDF Version 1.2 for public comment, closing 30 January 2026.
- The framework addresses secure software development practices across the full software lifecycle.
- This is a general software security standard - AI is not the subject, limiting APS AI relevance.
Summary
NIST has published an initial public draft of SP 800-218r1 (SSDF Version 1.2), updating its Secure Software Development Framework per Executive Order 14306. The framework provides high-level secure development practices intended to reduce software vulnerabilities across development lifecycle models, and offers a common vocabulary for acquirer-supplier communications. The public comment period closes 30 January 2026. While relevant to software procurement and security assurance broadly, AI is not the subject of this item.
"Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment" Source: NIST Information Technology RSS Published: 17 December 2025 URL: https://www.nist.gov/news-events/news/2025/12/secure-software-development-framework-ssdf-version-12-available-public NIST has published an initial public draft of SP 800-218r1 (SSDF Version 1.2), updating its Secure Software Development Framework per Executive Order 14306. The framework provides high-level secure development practices intended to reduce software vulnerabilities across development lifecycle models, and offers a common vocabulary for acquirer-supplier communications. The public comment period closes 30 January 2026. While relevant to software procurement and security assurance broadly, AI is not the subject of this item. Retrieved from SIMS, 18 May 2026.