New Live Guidelines for Secure Software Development, Security, and Operations Practices
A US cybersecurity software development standard with no direct AI governance content — low priority for APS AI practitioners.
Key points
- NIST NCCoE releases a live DevSecOps guidance document implementing the Secure Software Development Framework (SSDF).
- The guidance covers DevSecOps pipelines in commercial environments, including a Microsoft Azure reference implementation.
- AI is not a subject of this item; it is a cybersecurity/software development standard with no direct AI governance content.
View original source
Copied.
"New Live Guidelines for Secure Software Development, Security, and Operations Practices"
Source: NIST Information Technology RSS
Published: 24 March 2026
URL: https://www.nist.gov/news-events/news/2026/03/new-live-guidelines-secure-software-development-security-and-operations
NIST's National Cybersecurity Center of Excellence has released a live, rolling-update document supporting its DevSecOps Practices project, demonstrating how organisations can implement the NIST Secure Software Development Framework using modern DevSecOps pipelines and commercially available tools. The initial release includes a reference model, an Azure-based example implementation, and details on 14 industry collaborators. Public comment is open until 24 April 2026. The project responds to US Executive Order 14306 on cybersecurity. While relevant to secure software procurement and supply chain security broadly, AI governance is not its subject.
Retrieved from SIMS, 18 July 2026.