Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Secure Software
Develop a companion resource to Secure Software Development Framework (SSDF) (EO Sec. 4.1(a)(i)(B))
On July 26, 2024, NIST released SP800-218A, final Generative AI companion resource to NIST’s Secure Software Development Framework (SSDF).
At a foundational level, AI systems are built and operate on software. It is critical that the software being developed is well-secured to:
- Reduce the number of vulnerabilities in released software;
- Mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities; and
- Address root causes of vulnerabilities to prevent future recurrences.
NIST worked with interagency collaborators – and sought feedback from the broader community through open and transparent processes – to develop a companion to NIST’s SSDF. NIST held a virtual workshop on Secure Development Practices for AI Models on January 17, 2024. This workshop supported the EO 14110 task for NIST to develop a companion resource to the NIST Secure Software Development Framework (SSDF). A livestream of the workshop can be viewed on NIST's website.
On April 29, 2024, NIST released a draft Generative AI companion resource to NIST’s Secure Software Development Framework (SSDF).
This resource incorporates secure development practices for generative AI and dual-use foundation models and was finalized after receiving public comments.