Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment
A US secure software development standard update - peripheral to APS AI governance unless agencies are actively procuring or developing software under SSDF-aligned requirements.
Key points
- NIST has released SSDF Version 1.2 for public comment, covering secure software development practices.
- The framework addresses software vulnerability mitigation across development lifecycle models - not specific to AI.
- Limited direct relevance to APS AI governance work; this is a general secure software development standard.
View original source
Copied.
"Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment"
Source: NIST Information Technology RSS
Published: 17 December 2025
URL: https://www.nist.gov/news-events/news/2025/12/secure-software-development-framework-ssdf-version-12-available-public
NIST has published an initial public draft of Special Publication 800-218r1, updating the Secure Software Development Framework (SSDF) to Version 1.2. The framework provides high-level secure software development practices for integration into software development lifecycle models, aimed at reducing vulnerabilities and supporting supplier communications in acquisition processes. The update was issued under US Executive Order 14306. The public comment period closes 30 January 2026. AI is not a focus of this document; it is a general software security standard.
Retrieved from SIMS, 18 July 2026.