NIST SP 800-218 SSDF Compliance Profile, v1.1
Profile of requirements from the NIST Secure Software Development Framework (SSDF), version 1.1.
Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-218-ssdf-compliance-profile/1.1/ |
Publication Date | 2025-05-15 |
Issuing Organization | |
Keywords | Software Development, Software Development Life Cycle, SDLC, Secure Software Development Framework, SSDF, Software Security |
Legal Notice |
This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
|

Trust Expression:
TD_DefinitionofSecurityRequirementsforSoftwareDevelopment and TD_ImplementationofSDLCRolesandResponsibilities and TD_ImplementationofSDLCSupportingToolchains and TD_DefinitionandUseofCriteriaforSDLCSoftwareSecurityChecks and TD_ImplementationandMaintenanceofSecureEnvironmentsforSoftwareDevelopment and TD_ProtectionofAllFormsofCodefromUnauthorizedAccessandTampering and TD_ProvisionofaMechanismforVerifyingSoftwareReleaseIntegrity and TD_ArchivalandProtectionofEachSoftwareRelease and TD_DesignofSoftwaretoMeetSecurityRequirementsandMitigateSecurityRisks and TD_ReviewofSoftwareDesigntoVerifyCompliancewithSecurityRequirementsandRiskInformation and TD_ReuseofExistingWellSecuredSoftwareWhenFeasibleInsteadofDuplicatingFunctionality and TD_CreationofSourceCodeviaAdherencetoSecureCodingPractices and TD_ConfigurationofCompilationInterpreterandBuildProcessestoImproveExecutableSecurity and TD_ReviewandorAnalysisofHumanReadableCodetoIdentifyVulnerabilitiesandVerifyCompliancewithSecurityRequirements and TD_TestingofExecutableCodetoIdentifyVulnerabilitiesandVerifyCompliancewithSecurityRequirements and TD_ConfigurationofSoftwaretoHaveSecureSettingsbyDefault and TD_IdentificationandConfirmationofVulnerabilitiesonanOngoingBasis and TD_AssessmentPrioritizationandRemediationofVulnerabilities and TD_AnalysisofVulnerabilitiestoIdentifyTheirRootCauses
References (19)
TD
Definition of Security Requirements for Software Development, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.1: Definition of Security Requirements for Software Development. Requires an organization to ensure that security requirements for software development are known at all times so that they can be taken into account throughout the SDLC and duplication of effort can be minimized because the requirements information can be collected once and shared. This includes requirements from internal sources (e.g., the organization's policies, business objectives, and risk management strategy) and external sources (e.g., applicable laws and regulations). |
ID |
TD_DefinitionofSecurityRequirementsforSoftwareDevelopment |
Provider Reference |
|
TD
Implementation of SDLC Roles and Responsibilities, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.2: Implementation of SDLC Roles and Responsibilities. Requires an organization to ensure that everyone inside and outside of the organization involved in the SDLC is prepared to perform their SDLC-related roles and responsibilities throughout the SDLC. |
ID |
TD_ImplementationofSDLCRolesandResponsibilities |
Provider Reference |
|
TD
Implementation of SDLC Supporting Toolchains, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.3: Implementation of SDLC Supporting Toolchains. Requires an organization to use automation to reduce human effort and improve the accuracy, reproducibility, usability, and comprehensiveness of security practices throughout the SDLC, as well as provide a way to document and demonstrate the use of these practices. Toolchains and tools may be used at different levels of the organization, such as organization-wide or project-specific, and may address a particular part of the SDLC, like a build pipeline. |
ID |
TD_ImplementationofSDLCSupportingToolchains |
Provider Reference |
|
TD
Definition and Use of Criteria for SDLC Software Security Checks, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.4: Definition and Use of Criteria for SDLC Software Security Checks. Requires an organization to help ensure that the software resulting from the SDLC meets the organization's expectations by defining and using criteria for checking the software's security during development. |
ID |
TD_DefinitionandUseofCriteriaforSDLCSoftwareSecurityChecks |
Provider Reference |
|
TD
Implementation and Maintenance of Secure Environments for Software Development, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.5: Implementation and Maintenance of Secure Environments for Software Development. Requires an organization to ensure that all components of the environments for software development are strongly protected from internal and external threats to prevent compromises of the environments or the software being developed or maintained within them. Examples of environments for software development include development, build, test, and distribution environments. |
ID |
TD_ImplementationandMaintenanceofSecureEnvironmentsforSoftwareDevelopment |
Provider Reference |
|
TD
Protection of All Forms of Code from Unauthorized Access and Tampering, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PS.1: Protection of All Forms of Code from Unauthorized Access and Tampering. Requires an organization to help prevent unauthorized changes to code, both inadvertent and intentional, which could circumvent or negate the intended security characteristics of the software. For code that is not intended to be publicly accessible, this helps prevent theft of the software and may make it more difficult or time-consuming for attackers to find vulnerabilities in the software. |
ID |
TD_ProtectionofAllFormsofCodefromUnauthorizedAccessandTampering |
Provider Reference |
|
TD
Provision of a Mechanism for Verifying Software Release Integrity, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PS.2: Provision of a Mechanism for Verifying Software Release Integrity. Requires an organization to help software acquirers ensure that the software they acquire is legitimate and has not been tampered with. |
ID |
TD_ProvisionofaMechanismforVerifyingSoftwareReleaseIntegrity |
Provider Reference |
|
TD
Archival and Protection of Each Software Release, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PS.3: Archival and Protection of Each Software Release. Requires an organization to preserve software releases in order to help identify, analyze, and eliminate vulnerabilities discovered in the software after release. |
ID |
TD_ArchivalandProtectionofEachSoftwareRelease |
Provider Reference |
|
TD
Design of Software to Meet Security Requirements and Mitigate Security Risks, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.1: Design of Software to Meet Security Requirements and Mitigate Security Risks. Requires an organization to identify and evaluate the security requirements for the software; determine what security risks the software is likely to face during operation and how the software's design and architecture should mitigate those risks; and justify any cases where risk-based analysis indicates that security requirements should be relaxed or waived. Addressing security requirements and risks during software design (secure by design) is key for improving software security and also helps improve development efficiency. |
ID |
TD_DesignofSoftwaretoMeetSecurityRequirementsandMitigateSecurityRisks |
Provider Reference |
|
TD
Review of Software Design to Verify Compliance with Security Requirements and Risk Information, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.2: Review of Software Design to Verify Compliance with Security Requirements and Risk Information. Requires an organization to help ensure that the software will meet the security requirements and satisfactorily address the identified risk information. |
ID |
TD_ReviewofSoftwareDesigntoVerifyCompliancewithSecurityRequirementsandRiskInformation |
Provider Reference |
|
TD
Reuse of Existing, Well-Secured Software When Feasible Instead of Duplicating Functionality, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.4: Reuse of Existing, Well-Secured Software When Feasible Instead of Duplicating Functionality. Requires an organization to lower the costs of software development, expedite software development, and decrease the likelihood of introducing additional security vulnerabilities into the software by reusing software modules and services that have already had their security posture checked. This is particularly important for software that implements security functionality, such as cryptographic modules and protocols. |
ID |
TD_ReuseofExistingWellSecuredSoftwareWhenFeasibleInsteadofDuplicatingFunctionality |
Provider Reference |
|
TD
Creation of Source Code via Adherence to Secure Coding Practices, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.5: Creation of Source Code via Adherence to Secure Coding Practices. Requires an organization to decrease the number of security vulnerabilities in the software, and reduce costs by minimizing vulnerabilities introduced during source code creation that meet or exceed organization-defined vulnerability severity criteria. |
ID |
TD_CreationofSourceCodeviaAdherencetoSecureCodingPractices |
Provider Reference |
|
TD
Configuration of Compilation, Interpreter, and Build Processes to Improve Executable Security, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.6: Configuration of Compilation, Interpreter, and Build Processes to Improve Executable Security. Requires an organization to decrease the number of security vulnerabilities in the software and reduce costs by eliminating vulnerabilities before testing occurs. |
ID |
TD_ConfigurationofCompilationInterpreterandBuildProcessestoImproveExecutableSecurity |
Provider Reference |
|
TD
Review and/or Analysis of Human-Readable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.7: Review and/or Analysis of Human-Readable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements. Requires an organization to help identify vulnerabilities so that they can be corrected before the software is released to prevent exploitation. Using automated methods lowers the effort and resources needed to detect vulnerabilities. Human-readable code includes source code, scripts, and any other form of code that an organization deems human-readable. |
ID |
TD_ReviewandorAnalysisofHumanReadableCodetoIdentifyVulnerabilitiesandVerifyCompliancewithSecurityRequirements |
Provider Reference |
|
TD
Testing of Executable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.8: Testing of Executable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements. Requires an organization to help identify vulnerabilities so that they can be corrected before the software is released in order to prevent exploitation. Using automated methods lowers the effort and resources needed to detect vulnerabilities and improves traceability and repeatability. Executable code includes binaries, directly executed bytecode and source code, and any other form of code that an organization deems executable. |
ID |
TD_TestingofExecutableCodetoIdentifyVulnerabilitiesandVerifyCompliancewithSecurityRequirements |
Provider Reference |
|
TD
Configuration of Software to Have Secure Settings by Default, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.9: Configuration of Software to Have Secure Settings by Default. Requires an organization to help improve the security of the software at the time of installation to reduce the likelihood of the software being deployed with weak security settings, putting it at greater risk of compromise. |
ID |
TD_ConfigurationofSoftwaretoHaveSecureSettingsbyDefault |
Provider Reference |
|
TD
Identification and Confirmation of Vulnerabilities on an Ongoing Basis, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice RV.1: Identification and Confirmation of Vulnerabilities on an Ongoing Basis. Requires an organization to help ensure that vulnerabilities are identified more quickly so that they can be remediated more quickly in accordance with risk, reducing the window of opportunity for attackers. |
ID |
TD_IdentificationandConfirmationofVulnerabilitiesonanOngoingBasis |
Provider Reference |
|
TD
Assessment, Prioritization, and Remediation of Vulnerabilities, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice RV.2: Assessment, Prioritization, and Remediation of Vulnerabilities. Requires an organization to help ensure that vulnerabilities are remediated in accordance with risk to reduce the window of opportunity for attackers. |
ID |
TD_AssessmentPrioritizationandRemediationofVulnerabilities |
Provider Reference |
|
TD
Analysis of Vulnerabilities to Identify Their Root Causes, v1.1
|
Description |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice RV.3: Analysis of Vulnerabilities to Identify Their Root Causes. Requires an organization to help reduce the frequency of vulnerabilities in the future. |
ID |
TD_AnalysisofVulnerabilitiestoIdentifyTheirRootCauses |
Provider Reference |
|
Sources (1)
SSDF |
NIST Special Publication 800-218, Secure Software Development Framework (SSDF), version 1.1. Published February 2022. https://doi.org/10.6028/NIST.SP.800-218. |