U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Announcements

New | Software Supply Chain and DevOps Security Practices Publication Released and August Virtual Event Registration Open!

NIST | NCCoE

The NIST NCCoE is excited to announce the release of the preliminary draft Volume A of NIST Special Publication (SP) 1800-44, Secure Software Development, Security, and Operations (DevSecOps) Practices, to provide a high-level overview of the guidelines NIST is developing to increase the security of software. In addition, we invite you to join us for a virtual event scheduled for August 27, 2025.

Background

The NCCoE is collaborating with 14 companies through the Software Supply Chain and DevOps Security Practices Consortium as part of NIST’s response to White House Executive Order (EO) 14306, Sustaining Select Efforts to Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144. As stipulated in the EO, NIST is directed to establish the consortium to develop guidelines that demonstrate the implementation of best practices based on NIST’s Secure Software Development Framework (SSDF).

In this effort, the NCCoE is actively collaborating with consortium members and other organizations to showcase a holistic approach to secure software development, embedding security considerations and best practices as well as leveraging AI throughout the phases of the secure software development process to automate builds, integrations, deliveries, and deployments that lead to consistently trustworthy and quicker software development.

Draft Guidance for Public Comment

The NCCoE has released a preliminary public draft Volume A of Secure Software Development, Security, and Operations (DevSecOps) Practices (NIST Special Publication (SP) 1800-44) for public comment. The current version provides a high-level overview of the scope of the project; future guidelines will be released to include a detailed reference model and specific implementation guidelines for each of the project’s planned use cases.

The NCCoE welcomes public comment on the preliminary draft guidelines until Sept. 12, 2025. The project team plans to release additional drafts of the guidelines incrementally throughout the life of the project, accompanied by public comment periods. Those interested can also join the NCCoE DevSecOps Community of Interest (COI) to stay up to date and collaborate on the project.

August Virtual Event

Those interested in contributing to the development of the draft guidelines are encouraged to register for and attend a virtual event on August 27, 2025 from 1:00-3:30p.m. EDT.

The virtual event will highlight the project’s goals, provide more insight into the project’s planned demonstrations, and include discussions on cybersecurity challenges and recommendations related to secure software development. Participants will be encouraged to provide feedback throughout the event to inform the project’s focus and outputs.

Attendance for the virtual event is limited to 500 participants and is first-come, first-serve. There is no fee to attend. A recording will be made available after the event. 

For any questions, email the project team at: [email protected]