Date Published: April 29, 2024
Comments Due:
Email Comments to:
Author(s)
Harold Booth (NIST), Murugiah Souppaya (NIST), Apostol Vassilev (NIST), Michael Ogata (NIST), Martin Stanley (CISA), Karen Scarfone (Scarfone Cybersecurity)
Announcement
This publication augments the secure software development practices and tasks defined in SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. SP 800-218A adds practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle.
These additions are documented in the form of an SSDF Community Profile to support Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which tasked NIST with “developing a companion resource to the [SSDF] to incorporate secure development practices for generative AI and for dual-use foundation models.”
This Community Profile is intended to be useful to the producers of AI models, the producers of AI systems that use those models, and the acquirers of those AI systems. This Profile should be used in conjunction with SP 800-218.
Submit Comments
NIST requests feedback on all parts of SP 800-218A.
Comments on NIST SP 800-218A may be sent electronically to SSDF@nist.gov with “NIST SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models” in the subject line.
[Available soon] Comments may also be submitted via www.regulations.gov: Enter NIST-2024-0001 in the search field, click on the “Comment Now!” icon, complete the required fields, including “NIST SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models” in the subject field, and enter or attach your comments.
Comments containing information in response to this notice must be received on or before June 2, 2024, at 11:59 PM Eastern Time.
This document augments the secure software development practices and tasks defined in Secure Software Development Framework (SSDF) version 1.1 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. These additions are documented in the form of an SSDF Community Profile to support Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which tasked NIST with “developing a companion resource to the [SSDF] to incorporate secure development practices for generative AI and for dual-use foundation models.” This Community Profile is intended to be useful to the producers of AI models, the producers of AI systems that use those models, and the acquirers of those AI systems. This Profile should be used in conjunction with NIST Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.
This document augments the secure software development practices and tasks defined in Secure Software Development Framework (SSDF) version 1.1 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the...
See full abstract
This document augments the secure software development practices and tasks defined in Secure Software Development Framework (SSDF) version 1.1 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. These additions are documented in the form of an SSDF Community Profile to support Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which tasked NIST with “developing a companion resource to the [SSDF] to incorporate secure development practices for generative AI and for dual-use foundation models.” This Community Profile is intended to be useful to the producers of AI models, the producers of AI systems that use those models, and the acquirers of those AI systems. This Profile should be used in conjunction with NIST Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.
Hide full abstract
Keywords
artificial intelligence; artificial intelligence model; cybersecurity risk management; generative artificial intelligence; secure software development; Secure Software Development Framework (SSDF); software acquisition; software development; software security
Control Families
None selected
