On 30 July 2025, the National Institute of Standards and Technology (NIST) opened a consultation, running until 12 September 2025, on the first preliminary draft of a special publication on secure software development, security, and operations (DevSecOps) practices. The draft provides a risk-based implementation approach to DevSecOps aligned with the Secure Software Development Framework (SSDF) (SP 800-218 and SP 800-218A), covering all phases of the software lifecycle: plan, develop, build, test, release, deploy, and operate. Components include Zero Trust Architecture (ZTA), automated conformance artefact generation, continuous integration and delivery (CI/CD) pipelines, third-party component scanning, and secure integration of commercial off-the-shelf (COTS) and artificial intelligence (AI) tools. Security functions addressed include identity and access management, traceability of AI-generated code, verification of software artefacts, and monitoring for closed-source cloud-based environments.