bannerc

Questions Common to all Areas

 1. When a NASA directive requirement (e.g., SWE-022 in NPR 7150.2C) levies a NASA technical standard (e.g., NASA-STD-8739.8A), do the requirements in that technical standard become equivalent in priority to those requirements in the directive? Specifically, if NPR 7150.2C  083 is in effect, and because NASA-STD-8739.8A  278 is levied by virtue of SWE-022 and SWE-023, then are the requirements in NASA-STD-8739.8A equivalent to any SWE requirement in NPR 7150.2C?

Yes, NASA-STD-8739.8 is required by virtue of NPR 7150.2. The requirements in NASA-STD-8739.8A should be equivalent to any SWE in NPR 7150.2.  Both NPR 7150.2 and NASA-STD-8739.8A requirements can be tailored, deleted or changed by agreement of both Center TAs, SMA and Engineering.  There is flexibility if needed with these requirements.


 2. A related question arising from the NESC IRT study: Have the 2 requirements in NASA-STD-8739.8A on code coverage and cyclomatic complexity been added to NPR 7150.2C?

No, the two requirements have not been added into NPR 7150.2 yet.  I’m not sure what the schedule is for adding the requirements into the NPR.  Both requirements are applicable if you have safety-critical code per NASA-STD-8739.8A.

The NASA Software Assurance and Software Safety Standard, NASA-STD-8739.8, levies additional requirements both on software assurance and on safety-critical software. 


3. Are some of the non-NASA documents being considered for use with cybersecurity, like those in the automobile industry?

Yes, NASA is looking at the documents in other industries and in some cases participates in some of the Standards Groups, such as IEEE. For cybersecurity, NASA has built on the information from NIST (National Institute of Standards and Technology), HSDP (Healthsuite Digital Platform), and FIPS (Federal Information Processing Standard). However, many of the documents from other industries (like automotive) cannot be applied directly, so NASA is developing its own directives and standards.


4. What are some of the key activities that improve coding and testing?

The following activities could potentially improve software development:

  • Develop better and more explicit requirements
  • Use secure coding standards
  • Perform bi-directional traces as required in SWE-052 of NPR 7150.2: (For A, B, and C SW classifications)
    • High level requirements to software requirements
    • Software requirements to system hazards
    • Software requirements to software design components
    • Software design components to software code
    • Software requirements to test procedures
    • Software requirements to software non-conformances

For SW Class D Classifications:

  • Software requirements to system hazards
  • Software requirements to test procedures
  • Software requirements to software non-conformances
  • Do peer reviews or inspections on complex design and code modules, requirements and test procedures
  • Use static analysis tools before testing
  • Perform unit testing
  • Think about maintenance/future upgrades as the system/software is being designed and coded

Follow good engineering practices


5. Is NASA following IEEE 1633 for software reliability practices?

NPR 7150.2 and NASA-STD-8739.8 contain practices that help build more reliable software, but NASA is not specifically following IEEE 1633.

  • No labels