chainguard-dev / self-attestation

Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.

DHS/CISA Secure Software Development Self Attestation Form

This repository contains a markdown version of the draft Secure Software Development Self Attestation Form.

It also contains a table of the references at the top of the original RFC PDF, and a fully-clickable table with the full SSDF (NIST SP 800-218) controls.

All the credit goes to the folks at NIST, CISA, and DHS for putting these together.

Purpose

I found myself struggling to copy/paste/modify the PDF version as I read it and prepared my comments. I figured that converting to markdown will make it easier to read and reference in other tools.

Links are clickable wherever possible to make it easier to reference specific sections of the document.

I also decided to share this in case anyone else is doing the same thing. Remember, comments are due by June 26th!

Original Version

The PDF version of this draft is available on cisa.gov. It was released as part of a Request For Comments on April 27th.

The SSDF table comes from the original SSDF (NIST SP 800-218) controls table.

Differences

The only intended differences are related to markdown formatting (ordered list delimiters, etc.). Feel free to send PRs if anything else is missed!

Disclaimer: this is not official in any way, and is only intended to make consuming that information easier.

License: Creative Commons Zero v1.0 Universal