Organizations that provide software to U.S. federal agencies face new requirements regarding software security. By early 2023, the Federal Acquisition Regulation (FAR) Council will require compliance with NIST’s Secure Software Development Framework (SSDF). This paper helps readers understand the potential impact of SSDF compliance on their organizations and steps they can take to meet SSDF requirements.