What does the NCSP® 800-218 Awareness course cover?

It introduces the NIST Secure Software Development Framework (SSDF), including secure-by-design and secure-by-default practices.

Who is this course for?

Developers, DevOps teams, product managers, and anyone involved in software assurance.

Do I get a certificate?

Yes. The NCSP® 800-218 Awareness Certificate is provided upon completion.

NIST Cybersecurity Professional®
NCSP® 800-218 Awareness Certificate

Build Awareness of the NIST Secure Software Development Framework (SSDF)

NIST Cybersecurity Professional®

NCSP® 800-218 Awareness Certificate

Course Description

NIST Special Publication 800‑218, Secure Software Development Framework (SSDF), provides a set of fundamental, outcome‑based practices for building secure software and reducing vulnerabilities throughout the software development lifecycle. It supports organisations in strengthening software supply‑chain security, improving development processes, and meeting regulatory and customer expectations for secure‑by‑design software.

The NCSP® 800‑218 Awareness Certificate is a half‑day, instructor‑led course offering a concise introduction to the purpose, structure, and strategic value of the NIST SSDF. Designed for executives, managers, developers, and stakeholders, this course explains how secure software development practices reduce risk, improve product assurance, and support compliance, without requiring deep technical coding expertise.

Participants gain a high‑level understanding of the SSDF practices, secure‑by‑design principles, organisational responsibilities, and how 800‑218 integrates with CSF 2.0, 800‑161, 800‑53, and modern software supply‑chain security expectations.

What You Will Learn

Participants gain essential awareness‑level knowledge of NIST SP 800‑218. You will learn:

The purpose, scope, and evolution of the NIST Secure Software Development Framework.
The four SSDF practice groups and their role in reducing software risk.
How secure‑by‑design and secure‑by‑default principles strengthen software assurance.
Organisational roles and responsibilities in secure software development.
How SSDF supports software supply‑chain security and regulatory compliance.
How 800‑218 aligns with CSF 2.0, 800‑161, 800‑53, and industry secure‑software initiatives.

Course Agenda

Module 1: Introduction to NIST SP 800‑218 & Secure Software Development

A high‑level overview of NIST SP 800‑218, its purpose, and its role in improving software security and supply‑chain assurance. Introduces secure‑by‑design principles and the importance of integrating security into development processes.

Module 2: SSDF Structure & the Four Practice Groups

An awareness‑level introduction to the SSDF practice groups:
- Prepare the Organization (PO)
- Protect the Software (PS)
- Produce Well‑Secured Software (PW)
- Respond to Vulnerabilities (RV)
Explains how these practices reduce vulnerabilities and strengthen software assurance.

Module 3: Roles, Responsibilities & Governance for Secure Software Development

A concise overview of key roles involved in secure software development, including developers, architects, product owners, security engineers, and governance bodies. Covers organisational responsibilities, policy integration, and lifecycle oversight.

Module 4: Applying NIST 800‑218 in Practice - Alignment, Use Cases & Software Supply‑Chain Security

An introduction to how organisations apply the SSDF in real‑world environments. Covers alignment with CSF 2.0, 800‑161 supply‑chain security, 800‑53 controls, and industry initiatives such as SBOMs, secure‑by‑design guidance, and regulatory expectations.

Learning Outcomes

Participants will be able to:

Describe the purpose and structure of NIST SP 800‑218.
Explain the four SSDF practice groups at an awareness level.
Understand secure‑by‑design and secure‑by‑default principles.
Recognise key roles and responsibilities in secure software development.
Identify how 800‑218 aligns with CSF 2.0, 800‑161, 800‑53, and software supply‑chain requirements.
Communicate the strategic value of secure software development to stakeholders and teams.

Who Should Attend?

This course is designed for professionals who need a foundational understanding of secure software development, including:

Executives & Senior Leaders
Software Developers & Engineers
Product Owners & System Owners
Governance, Risk & Compliance (GRC) Stakeholders
DevSecOps & Platform Engineering Teams
Security & Privacy Managers
Anyone seeking an introduction to secure‑by‑design software practices

Prerequisites

There are no prerequisites for this Awareness‑level course. No coding or engineering background is required.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-218 Awareness Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-218 Awareness Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-218 Awareness Certificate digital badge.

Enrol Today

This NCSP 800‑218 Awareness course provides students with a high‑level understanding of the NIST SSDF and secure‑by‑design software development practices.