Draft:NIST Secure Software Development Framework

Submission declined on 2 December 2024 by Ibjaja055 (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Ibjaja055 7 months ago. Last edited by HerBauhaus 2 months ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

The Secure Software Development Framework (SSDF) was developed by NIST in response to Section 4 of the US Presidential Executive Order 14028, issued on May 12, 2021^[1]. It provides a framework for securely developing software in the wake of software supply chain attacks and the prevalent use of open source software and third-party libraries. A major concept that was made popular by SSDF was the software bill of materials (SBOM) and the need for documenting the provenance (origin and history) of all software used in a system.

In February 2022, the National Institute of Standards and Technology (NIST) published the first version of the Secure Software Development Framework (SSDF) as NIST Special Publication (SP) 800-218.^[2] Under this framework, software provided to U.S. federal agencies must include a self-attestation form from the developer, verifying compliance with SSDF practices.^[3]

In June 2023, The Register reported that the U.S. Office of Management and Budget (OMB) extended the deadline for federal agencies to collect attestation certificates from software vendors related to compliance with the NIST's Secure Software Development Framework (SSDF). According to the report, this extension was due to the fact that "the form for reporting on such matters isn't complete." The article further noted that the Cybersecurity and Infrastructure Security Agency (CISA) had published a draft Secure Software Self-Attestation Form in April 2023 and set a deadline for comments on June 26.^[4]