What happened
On July 9, 2026, CIS and SAFECode published Version 1.1 of 'Secure by Design: A Guide to Assessing Software Security Practices,' updating the guide that builds on the NIST Secure Software Development Framework (SSDF). The new version adds specific guidance on software security practices in the context of artificial intelligence and aligns with emerging international standards, going beyond the original guide's scope.
Why it matters
Secure by Design is a widely-referenced companion to NIST SSDF used by software assessors and procurement teams; adding AI-specific assessment criteria extends an already-adopted control-assessment framework into AI/ML development pipelines, giving practitioners a concrete checklist to evaluate AI-enabled software security practices.
Action needed
Software security assessors and AI development teams should incorporate the new AI-specific practices from v1.1 into existing SSDF-aligned assessment processes and procurement questionnaires.