NIST SP 800-218 SSDF
NIST SSDF v1.1 federal US secure software dev.
Definition
SSDF v1.1 structures 4 groups: Prepare the Organization (PO), Protect the Software (PS), Produce Well-Secured Software (PW), Respond to Vulnerabilities (RV). 19 practices + tasks. SBOM (Software Bill of Materials) expected. Compatible with OWASP SAMM, BSIMM, OpenSSF SSP. OMB self-attestation form March 2024 mandatory for US federal software.
Origin
NIST, SP 800-218 v1.1 published February 2022, OMB Memo M-22-18 September 2022, self-attestation form March 2024.
Usage
Mandatory for any software vendor selling to the US federal government. Strong voluntary enterprise adoption for supply chain due diligence.
Related terms
- NIST CSF 2.0 — cadre apparenté.
- SBOM — requirement clé.
- EO 14028 — cadre légal US.