NIST Consortium Drafts Guidelines to Improve Software Security

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) is collaborating with a consortium of 14 industry partners, led by the National Cybersecurity Center of Excellence (NCCoE), to develop guidelines for secure and agile software development. This initiative responds to a June 2025 executive order – specifically Executive Order 14036 – aimed at strengthening national cybersecurity, and builds upon the NIST Secure Software Development Framework (SSDF). The consortium is currently soliciting public comments on draft guidelines, with a deadline of September 12, and will host a virtual event on August 27 to gather further feedback on the project.

Initiative Driven by Executive Order

The initiative to enhance software security stems directly from Executive Order 14306, issued in June 2025, and builds upon prior executive directives – specifically amending Executive Orders 13694 and 14144 – to bolster national cybersecurity. In response, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) established the Software Supply Chain and DevOps Security Practices Consortium. This consortium, led by NIST’s National Cybersecurity Center of Excellence (NCCoE), comprises 14 industry partners and is tasked with developing guidelines for secure software development.

The consortium’s work centres on demonstrating the practical implementation of best practices as defined within NIST’s Secure Software Development Framework (SSDF). These forthcoming guidelines aim to facilitate the creation of software resistant to cyber breaches and devoid of malicious code, adopting an agile methodology alongside robust security testing. NIST is currently soliciting public comments on the draft guidelines, with a deadline of September 12, and will host a virtual event on August 27 to present the project and gather further feedback. The initiative represents a concerted effort to address vulnerabilities within the software supply chain and improve the overall security posture of critical systems.

Consortium Aims to Enhance Software Security

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has convened the Software Supply Chain and DevOps Security Practices Consortium to address software vulnerabilities and enhance national cybersecurity. Led by NIST’s National Cybersecurity Center of Excellence (NCCoE), the consortium comprises 14 industry partners collaborating to develop guidelines for secure software development. These guidelines are specifically designed to demonstrate the practical application of best practices outlined in NIST’s Secure Software Development Framework (SSDF).

The consortium’s objective is to facilitate the creation of software that is both resilient against cyber breaches and free from malicious code, achieved through the implementation of an agile methodology alongside rigorous security testing protocols. NIST is actively soliciting public feedback on the draft guidelines, with comments accepted until September 12. To further gather input and showcase the project, a virtual event is scheduled for August 27, providing a platform for discussion and refinement of the proposed standards. This collaborative effort directly responds to stipulations within Executive Order 14306, issued in June 2025, and builds upon existing executive directives – specifically amending Executive Orders 13694 and 14144 – aimed at strengthening the nation’s cybersecurity infrastructure.