Grip on Secure Software Development (Grip on SSD) is the result of a broad cooperation between government organizations, security experts, and software suppliers, with the aim to jointly assure sufficient secure software. It includes a method to co-operate, a set of clear and measurable security requirements, training materials and contract texts. These publications are freely available on the CIP website and are maintained by more than 30 public and private organizations in the group ' Practitioners Grip on SSD ', including Cap Gemini, IBM, SNS Reaal, UWV, tax office, Centric, Home affairs, CGI, Sogeti, Ordina, Valori, DKTP, DUO, Police, Logius, Software Improvement Group (SIG) and NCSC.

Grip on SSD is an initiative of the Dutch CIP (Center for Information security and Privacy protection). Since mid-2012 the CIP has been enabling many government organizations to share and develop knowledge in the field of information security and privacy protection. A number of system integrators and security service providers are connected as knowledge partner. With Grip on SSD, this co-operation has developed an approach to address the issues that organizations have with getting secure software.

The three pillars of SSD are: standard security requirements, contact moments and internal SSD-processes. The latter are processes for keeping track of risks, maintaining security requirements, and growing the organization to higher maturity levels. The SSD maturity model offers a growth path and helps to manage the expectations. For the definition of the requirements the SIVA specification method has been used, aimed to suit both decision makers and security specialists.


June 2018 – NCSC embraces SSD mobile

The Dutch NCSC has published the security requirements for mobile applications, as developed by the SDD initiative.

June 2016 – SSD available in English

All the main SSD publications are now available in English: the method, the requirements and the mobile requirements.

May 2016 - SSD manifesto success

23 public and private organizations have now signed the manifesto that connects organizations actively applying Grip on SSD.

January 2016 – SSdm launched

CIP has launched 19 security requirements for mobile applications (SSDm).

May 2015 - English requirements

The SSD security requirements are now available in English.

November 2014 - SSD Practitioner community

Around twenty public and private organizations that support the Grip on SSD initiative have joined to start the ‘SSD practitioner community’. The purpose of this group is to meet periodically to share best/good practices of SSD implementations and to continue to work on the initiative.

16 January 2014 - SSD launch

CIP, the Dutch Center of Information security and Privacy has launched a recipe for development of secure software. At the iBestuur Conference this new method was offered this to the Dutch Central Government CIO Dion Kotteman by Marcel Koers (UWV), Rob van der Veer (Software Improvement Group) and Ad Reuijl (director of CIP). They have been involved in the inception of this method that describes how an organization gets grip on the development of secure software.