NIST.IR.8307

As part of the mandates contained in Executive Order 14028, NIST was tasked with establishing and publishing guidance for software development and verification of vendor software.

This document is a local copy (inclusive of internal comments from our team), but the link to the original is available inline.

One should note that while the title is in reference to vendor software, these will be the upcoming requirements to be applied to all consumer software and associated with the initiative for software labeling.

As always, this is not new information but is content that has been recompiled into a new publication (which is potentially why it does not flow well in a full reading). It both includes aspects and refers to previously published guidance and is not restricted to what some may consider "developer verification" or testing, as it is predicated upon the assumption that development happens according to the SSDF (Secure Software Development Framework), which is not a foregone conclusion for the majority of software development.

For the full text of this document, please click Learn More below.