Guidelines  ·  2026-07-11

CIS + SAFECode Publish Secure by Design v1.1 with AI-Specific Software Security Guidance

GuidelinesMedium impactGlobal
On July 9, 2026, CIS and SAFECode published Version 1.1 of 'Secure by Design: A Guide to Assessing Software Security Practices,' updating the guide that builds on the NIST Secure Software Development Framework (SSDF). The new version adds specific guidance on software security practices in the context of artificial intelligence and aligns with emerging international standards, going beyond the original guide's scope.
Secure by Design is a widely-referenced companion to NIST SSDF used by software assessors and procurement teams; adding AI-specific assessment criteria extends an already-adopted control-assessment framework into AI/ML development pipelines, giving practitioners a concrete checklist to evaluate AI-enabled software security practices.
Software security assessors and AI development teams should incorporate the new AI-specific practices from v1.1 into existing SSDF-aligned assessment processes and procurement questionnaires.
CIS - Secure by Design v1.1 white paper
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →