New Live Guidelines for Secure Software Development, Security, and Operations Practices

The NIST National Cybersecurity Center of Excellence (NCCoE) is releasing a live document as part of its Secure Software Development, Security, and Operations (DevSecOps) Practices project. This project demonstrates how organizations can implement the security practices and tasks recommended in the NIST Secure Software Development Framework (SSDF) using modern DevSecOps pipelines and commercially available technology. The live document is open for public comment until April 24, 2026.

This release provides several components of the NCCoE DevSecOps demonstration, including:

1. An updated Executive Summary and Introduction, highlighting the purpose and background of this project.
2. A notional reference model for DevSecOps to demonstrate the NIST SSDF.
3. Details on the first example implementation, which demonstrates DevSecOps practices in a Microsoft Azure-based environment.
4. An appendix highlighting industry collaborators in the project and their technologies used in the demonstration environment.

The live document shares findings from the NCCoE's collaborative, demonstrative applied research project with...

Copyright of this story solely belongs to nist.gov. To see the full text click HERE