Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Overview
Join the NIST National Cybersecurity Center of Excellence (NCCoE) on August 27, 2025 for a virtual event dedicated to exploring Secure Software Development, Security, and Operations (DevSecOps) practices. This interactive event will showcase the NCCoE’s plans to develop guidelines that demonstrate the implementation of best practices based on NIST’s Secure Software Development Framework (SSDF) and gather feedback to inform the project.
Background
The growing complexity and volume of cyber threats have made software development environments prime targets for various forms of attacks and cybersecurity breaches. Bad actors are preying on overlooked security practices in software development infrastructures and tools, misconfigurations in cloud environments, and weak access controls that lead to vulnerabilities. With these evolving cybersecurity risks and rising security breaches, most organizations that produce software have been increasingly integrating security into their DevOps environments, tools, and processes—a practice known as DevSecOps.
The NCCoE is demonstrating and documenting risk-based security practices for DevSecOps, aligned with the NIST Secure Software Development Framework (NIST SP 800-218). In this effort, the NCCoE, in collaboration with consortium members, is planning to demonstrate a holistic approach to secure software development—embedding security considerations and best practices as well as leveraging AI throughout the phases of the secure software development process to automate builds, integrations, deliveries, and deployments that lead to consistently trustworthy and quicker software development.
Event Details
This virtual event will highlight the project’s goals, provide more insight into the project’s planned demonstrations, and include discussions on cybersecurity challenges and recommendations related to secure software development. Participants will be encouraged to provide feedback throughout the event to inform the project’s focus and outputs.
Attendance is limited to 500 participants. There is no fee to attend. A post-event recording will be made available.
For any questions, email us at: NCCoE-DevSecOps [at] list.NIST.gov (NCCoE-DevSecOps[at]list[dot]NIST[dot]gov)
Recording Note: Portions of the event may be recorded and audience Q&A or comments may be captured. The recorded event may be edited and rebroadcast or otherwise made publicly available by NIST. By registering for — or attending — this event, you acknowledge and consent to being recorded.