Which model is used for secure software development lifecycle?

  1. NIST Secure Software Development Framework (SSDF) ✓
  2. COBIT
  3. ISO 27001
  4. ITIL

Correct answer: NIST Secure Software Development Framework (SSDF)

Option A is correct because the NIST Secure Software Development Framework (SSDF), published as NIST SP 800-218, provides a set of fundamental secure software development practices organized into four groups: Prepare the Organization, Protect the Software, Produce Well-Secured Software, and Respond to Vulnerabilities, making it the authoritative model for the secure software development lifecycle.

Option B is incorrect because COBIT (Control Objectives for Information and Related Technologies) is an IT governance and management framework focused on aligning IT with business goals, not specifically on secure software development practices.

Option C is incorrect because ISO 27001 is an information security management system standard for organizational security controls and risk management, not a software development lifecycle framework.

Option D is incorrect because ITIL (Information Technology Infrastructure Library) is a set of IT service management best practices focused on delivering IT services, not on securing the software development process.

Topic: ssdf, nist, secure sdlc, software security