RegScale Announces Support for the NIST 800-218 SSDF Catalog

March 2, 2023 | By J. Travis Howerton

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-218 Revision 1 provides on best practices for secure software development. Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This document recommends the Secure Software Development Framework (SSDF) – a core set of high-level secure software development practices that can be integrated into each SDLC implementation. Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. Because the framework provides a common vocabulary for secure software development, software purchasers and consumers can also use it to foster communications with suppliers in acquisition processes and other management activities.

At RegScale, we give software development teams easy and free tools to get started with building a fully compliant 800-218 program with support for tracking policies, related assessments, evidence collection, issues management/performance improvement, and other related workflows. As of February 25, 2023, RegScale has announced that we officially support the NIST SP 800-218 as a catalog within our platform with automated tools/wizards for building secure software. In addition, we have published multiple machine readable formats of 800-218 including the raw JSON and NIST OSCAL that are available upon request. These artifacts are freely available for others to reuse in their software development programs using machine readable formats.

Schedule a free demo today to learn how RegScale can help you continuously meet your secure software development requirements. If you are ready to start automating your development processes for creating and managing 800-218 requirements in your security program, this demo will also show how you can leverage RegScale to deliver continuous security throughout your SDLC. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust 800-218 compliance artifacts that will help you pass audits and reduce your risk with ease. With RegScale, our customers get software with a service to provide a concierge like experience for reducing risk related to their software development processes.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.