bannerd


8.16 - SA Products

1. Introduction

This topic provides detailed information on the work products produced as a result of the performing the Software Assurance and Software Safety (SASS) tasks required in NASA-STD-8739.8  278. Each SASS task has been mapped to one or more of nine major SASS products or the product listed as "Objective Evidence". See Topic 8.15 - SA Tasking Checklist Tool for the mapping. Each of the major products has sub-products that may include suggested content, methodologies, and result recording. The “Objective Evidence” products prove that a required SASS task has been performed. (A more specific definition of “Objective Evidence” may be found in the “Objective Evidence” tab.) Check the Handbook entries for both the products and the objective evidence since the products are also objective evidence.

Each major product has a detailed description and may include: 

  • Sub-products – Sub-products are often part of the major work product but may also be recorded separately. For example, a Software Assurance Plan may contain the Safety Plan or the Safety Plan may be a separate document.
  • Product Guidance – Approaches and guidance that may be used to produce the product. For example, an analysis product may include information on the various types of analysis methods that could be used to produce the product.
  • Content List - Minimum required content that comprise the product. The work product content for a particular project will depend on the project’s approved SASS Requirements Mapping Matrix (i.e., tailoring matrix), safety criticality, and software classification. If the SASS tasks in NASA-STD-8739.8  278 have been tailored out and approved, then the content associated with those tailored tasks would no longer be required for inclusion in the products. 

1.1 The major SASS work products are:

Choose the individual product titles to see the detailed information on each work product.


The chart in tab 2 of this topic lists the work products, sub-products and the approximate phasing schedule for the work products.

1.2 Additional Guidance

Links to Additional Guidance materials for this subject have been compiled in the Relevant Links table. Click here to see the Additional Guidance in the Resources tab.

2. Product Schedules

The following chart lists the major products with their sub-products and other details and provides the life cycle phase(s) where is product is typically developed. The SWE numbers associated with the SASS tasks that require the products are also listed. For the details of each task, see the chart in tab 3: Product/SASS task Mapping. Many products resulting from requirements/tasks are "objective evidence". These products are not included in the Tab 2 list of products, since there are numerous types of products that might result from these requirements/tasks.

       Work Product Schedules Chart

Key: D=Draft, P=Preliminary, B=Baseline, U=Update, F=Final, A=Anytime, X=All Phases

#

Product

  • Sub-Product
    • Sub-Product Details
PLNREQDESIMPTSTDELSWEs

1

Software Assurance Plan

D

P

B

U

U

U

013, 016, 024. 022,151


  • Software Safety Plan

D

P

B




013, 016, 024, 024, 151


  • Software Assurance Schedule

D

P

B

U

U

U

016, 046


  • SASS Requirements Mapping Matrix

D

P

B

U

U

U

013, 121, 125, 176. Section 4.5.6


  • Software Classification Determination

D

P

B




020, 176

2

IV&V Program Execution Plan (Done by IV&V)


B

U

U

U

U

SWE-131, Section 4.4.2.2

3

Software Requirements Analysis

D

B

U

U

U

F

034, 051, 080, 081, 184, 203

4

Software Safety and Hazard Analysis


P

B

U

U

F

034, 080, 081, 203, 205

5

Software Design Analysis



B

U

U

F

034, 057, 058, 080, 081, 134, 143, 203

6

Source Code Quality Analysis



D

P

B

U/F

034, 061, 080, 081, 134, 135, 158, 159, 185, 203, 207,220

7

Testing Analysis









  • Software Test Plan Analysis




D

P

B

F

034, 071, 080, 081, 203


  • Software Test Procedures Analysis




D

B

U/F

034, 065b, 071, 080, 081, 134, 159, 191, 203


  • Software Test Results Analysis





P

B/F

034, 080, 081,134, 159, 190, 191, 203


o   Test Witnessing Signatures





XX066

8

SA Status Reports

X

X

X

X

X

X

037, 039, 134, 143


  • List of SA Non-conformances, risks, issues, concerns (Non-conformances == SA Findings, Discrepancies, PRs, Defects)

D

U

U

U

U

U

037, 039, 054, 134, 143, 191, 199


  • Results of any Analysis done in current phase

X

X

X

X

X

X



o   Verification Activities Analysis

X

X

X

X

X

X

034, 039, 081


o   Software Assurance Measurements & Analysis

X

X

X

X

X

X

090, 093, 200, 202


o   Root Cause Analysis

A

A

A

A

A

A

204


  • Results of Assessments Done Since Last Report

X

X

X

X

X

X



o   Assessment of SA Plan

D

P

B

U

U

B/F

016, 075, 151


o   Assessment of SA Compliance w/ NASA-STD-8739.8

D

U

U

U

U

B/F

024


o   Assessment of Software Engineering Plans

D

P

B

U

U

B/F

016, 075, 086, 146, 151


o   Assessment of SW Engineering Compliance w/ NPR 7150.2

D

U

U

U

U

B/F

024, 079, 139


o   Assessment of CMMI Assessment Findings

A

A

A

A

A

A

032


o   Assessments of Hazard Analyses and Reports


P

B

U

U

F

081, 205


o   Assessments of Software Reviews results

D

U

U

U

U

B/F

034, 039, 143


o   Assessments of Risks in Acquisition vs Development Decisions

D

P

B




033


o   Assessments of Accuracy of Severity-Level Application to Non-Conformances

A

A

A

A

A

A

202


o   Assessments of Joint NASA/developer Audit Results

A

A

A

A

A

A

045


  • Results of Audits Done Since Last Report

A

A

A

A

A

A

See “Audit Results” work


  • Assessments of Technical Interchange Meetings results

D

U

U

U

U

B/F

039


  • Assessments of Trade Studies and Source Data Results

D

P

B




039


  • Project milestone reviews

X

X

X

X

X

X

037, 134, 143


  • Record of Corrective Action Closures

A

A

A

A

A

A

204

9

Audit Reports

A

A

A

A

A

A



  • Peer Review Process Audit Report

A

A

A

A

A

A

088


  • Risk Management Process Audit Report

A

A

A

A

A

A

086


  • Software Assurance Process Audit Report

A

A

A

A

A

A

022,032


  • SW Development Processes and Practices Audit Report

A

A

A

A

A

A

032,039


  • Standards and Processes Audit Report

A

A

A

A

A

A

195


  • Software Configuration Management Baseline and Process/Procedure Audit Report

A

A

A

A

A

A

077,085


  • Software Configuration Management Procedure Audit Report

A

A

A

A

A

A

082

10

Objective Evidence

X

X

X

X

X

X

All SWEs


  • Records showing confirmations have been done*

X

X

X

X

X

X



o   *See Confirmations topic for other confirmations

X

X

X

X

X

X

All "Confirm" SASS Tasks


o   Software control activities

X

X

X

X

X

X

082


  • Approvals/sign-offs on deliveries






X

094


  • SA Peer Review records

X

X

X




087


Key Definitions:

Draft: Product is in outline form with some content; Still has a lot of TBDs (To Be Determined).

Preliminary: Most content is there  but has not been  baselined yet.

Baseline: Product reviewed and all actions completed.

Anytime: Product could be generated at anytime.


2.1 Additional Guidance

Links to Additional Guidance materials for this subject have been compiled in the Relevant Links table. Click here to see the Additional Guidance in the Resources tab.

3. Product/SASS Task Mapping

This chart lists all the products and sub-products required by NASA-STD-8739.8 and show the associated tasks relating to the products.


#

Product

  •  Sub-Product

o   Product Detail

Associated Tasks in NASA-STD-8739.8

1

Software Assurance Plan

SWE-013 SA Task 2:
2. Develop and maintain a Software Assurance Plan following the content defined in NASA-HDBK-2203 for a software assurance plan, including software safety.

SWE-016 SA Task 2:
2. Develop a software assurance schedule, including software assurance products, audits, reporting, and reviews.

SWE-022 SA Task 1:

1. Perform software assurance, software safety, and IV&V (if required) according to the software assurance and software safety standard requirements in NASA-STD-8739.8, Software Assurance and Software Safety Standard, and the Project’s software assurance plan.

SWE-151 SA Task 1e
1. Assess the project's software cost estimate(s) to determine if the stated criteria listed in "a" through "f" are satisfied.

     (SWE-151 1e. Includes the cost of the required software assurance support.)

  •  Software Safety Plan

SWE-013 SA Task 2:
2. Develop and maintain a Software Assurance Plan following the content defined in NASA-HDBK-2203 for a software assurance plan, including software safety.

SWE-022 Task 1:

1. Perform software assurance, software safety, and IV&V (if required) according to the software assurance and software safety standard requirements in NASA-STD-8739.8, Software Assurance and Software Safety Standard, and the Project’s software assurance plan.

  •  Software Assurance Schedule

SWE-016 SA Task 2:
2. Develop a software assurance schedule, including software assurance products, audits, reporting, and reviews.

SWE-046 SA Task 1:

1. Confirm the project's schedules, including the software assurance’s/software safety’s schedules, are updated.

  •  SASS Requirements Mapping Matrix

SWE-013 SA Task 2:
2. Develop and maintain a Software Assurance Plan following the content defined in NASA-HDBK-2203 for a software assurance plan, including software safety.

SWE-121 SA Task 2:
2. Develop a tailoring matrix of software assurance and software safety requirements.

SWE-125 SA Task 2:

2. Maintain the requirements mapping matrix (matrices) for requirements in NASA-STD-8739.8.

Req4.5.1:

4.5.1: The Center SMA TA shall review and agree with any tailored Software Assurance and Software Safety Standard requirements.

Req4.5.6:

4.5.6  If a system or subsystem development evolves to meet a higher or lower software classification defined in NPR 7150.2, the software assurance, software safety, and IV&V organizations shall update their plan(s) to fulfill the applicable requirements per the Requirements Mapping Matrix and any approved changes and initiate adjustments to applicable contracts to meet the modified requirements.

  •  Software Classification Determination

SWE-020 SA Task 1:
1. Perform a software classification or concur with the engineering software classification of software per the descriptions in NPR 7150.2.

2

IV&V Program Execution Plan (Done by IV&V)

SWE-131 SA Task 1:

1. Confirm that the IV&V Project Execution Plan (IPEP) exists.

To be done by IV&V:

Req4.4.2.2:

4.4.2.2 The IV&V provider shall develop and negotiate an IV&V IPEP with the project.

Note:   The IV&V Execution Plan (IPEP) documents the activities, methods, level of rigor, environments, tailoring (if any) of the IV&V requirements, and criteria to be used in performing verification and validation of in-scope system/software behaviors (including responsible software components) determined by the planning and scoping effort.

3

Software Requirements Analysis

SWE-034 SA Task 1:
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-051 SA Task 1:
1. Perform a software assurance analysis on the detailed software requirements to analyze the software requirement sources and identify any incorrect, missing, or incomplete requirements.

SWE-080 SA Task 1:
1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.

SWE-081 SA Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-134 SA Task 1:

1. Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-184 SA Task 1:

1. Analyze and confirm that the software requirements documentation contains the software related safety constraints, controls, mitigations, and assumptions between the hardware, operator, and the software.

SWE-203 SA Task 2:

2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.

4

Software Safety and Hazard Analysis

SWE-034 SA Task 1:
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-080 SA Task 1:
1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.

SWE-081 SA Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-134 SA Task 1:

1. Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-135 SA Task 5:

5. Per SWE-219 for safety-critical software, verify code coverage and approved waivers.

SWE-135 SA Task 6:

6. Per SWE-220 for safety-critical software, verify cyclomatic complexity and approved waivers.

SWE-184 Task 1:

1. Analyze and confirm that the software requirements documentation contains the software related safety constraints, controls, mitigations, and assumptions between the hardware, operator, and the software.

SWE-203 SA Task 2:

2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.

SWE-205 SA Task 2:
2. Assess that the hazard reports identify the software components associated with the system hazards per the criteria defined in NASA-STD-8739.8, Appendix A.

SWE-205 SA Task 3:
3. Assess that hazard analyses (including hazard reports) identify the software components associated with the system hazards per the criteria defined in NASA-STD-8739.8, Appendix A.

SWE-205 SA Task 5:
5. Develop and maintain a software safety analysis throughout the software development life cycle.

5

Software Design Analysis

SWE-034 SA Task 1:
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-057 SA Task 1:
1. Assess that the software architecture addresses or contains the software structure, qualities, interfaces, and external/internal components.

SWE-057 SA Task 2:
2. Analyze the software architecture to assess whether software safety and mission assurance requirements are met.

SWE-058 SA Task 1:
1. Assess the software design against the hardware and software requirements and identify any gaps.

SWE-058 SA Task 2:
2. Assess the software design to verify that the design is consistent with the software architectural design concepts and that the software design describes the lower-level units to be coded, compiled, and tested. 

SWE-058 SA Task 3:
3. Assess that the design does not introduce undesirable behaviors or unnecessary capabilities.

SWE-058 SA Task 5:
5. Perform a software assurance design analysis.

SWE-080 SA Task 1:
1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.

SWE-081 SA Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-134 SA Task 4:

4. Analyze the software design to ensure the following:
   a. Use of partitioning or isolation methods in the
         design and code,
   b. That the design logically isolates the safety-critical
         design elements and data from those that are
         non-safety-critical.

SWE-143 SA Task 1: 
1. Assess the results of or participate in software architecture review activities held by the project.

SWE-203 SA Task 2:

2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.

6

Source Code Quality Analysis

SWE-034 SA Task 1:
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-061 SA Task 2: 

2. Analyze that the software code conforms to all required software coding methods, rules, and principles.

SWE-080 SA Task 1:
1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.

SWE-081 SA Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-134 Task 1: 
1. Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-134 Task 2: 
2. Assess that the source code satisfies the conditions in the NPR 7150.2 requirement "a" through "l" for safety-critical and mission-critical software at each code inspection, test review, safety review, and project review milestone.

SWE-135 Task 1:

1. Analyze the engineering data or perform independent static code analysis to check for code detects defects, software quality objectives, code coverage objectives, software complexity values, and software security objectives.

SWE-135 Task 3:

3. Assess that the project addresses the results from the static analysis tools used by software assurance, software safety, engineering, or the project.

SWE-159 Task 2:
2. Assess the quality of the cybersecurity mitigation implementation testing and the test results.

SWE-185 Task 1:
1. Analyze the engineering data or perform independent static code analysis to verify that the code meets the project’s secure coding standard requirements.

SWE-203 Task 2:

2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.

SWE-207 Task 1:
1. Assess that the software coding guidelines (e.g., coding standards) includes secure coding practices.


7


Testing Analysis

See individual sub-products.

  • Software Test Plan Analysis


SWE-034 Task 1:
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-071 Task 1:
1. Analyze that software test plans and software test procedures cover the software requirements and provide adequate verification of hazard controls, specifically the off-nominal scenarios.

SWE-080 Task 1:
1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.

SWE-081 Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-203 Task 2:

2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.

  •  Software Test Procedures Analysis

SWE-034 Task 1: 
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-065b Task 2:

2. Analyze the software test procedures for the following:
   a. Coverage of the software requirements.
   b. Acceptance or pass/fail criteria,
   c. The inclusion of operational and off-nominal conditions,
       including boundary conditions,
   d. Requirements coverage and hazards per SWE-066 and
       SWE-192, respectively.
   e. Requirements coverage for cybersecurity per SWE-157
       and SWE-210.

SWE-071 Task 1:
1. Analyze that software test plans and software test procedures cover the software requirements and provide adequate verification of hazard controls, specifically the off-nominal scenarios.

SWE-080 Task 1:
1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.

SWE-081 Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-134 Task 1: 
1. Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-134 Task 2: 
2. Assess that the source code satisfies the conditions in the NPR 7150.2 requirement "a" through "l" for safety-critical and mission-critical software at each code inspection, test review, safety review, and project review milestone.

SWE-159 Task 2:
2. Assess the quality of the cybersecurity mitigation implementation testing and the test results.

SWE-191 Task 3:
3. Identify any risks and issues associated with the regression test set selection and execution.

SWE-203 Task 2:

2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.

  •  Software Test Results Analysis


SWE-034 Task 1: 
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-080 Task 1:
1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.

SWE-081 Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-134 Task 1: 
1. Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-134 Task 2: 
2. Assess that the source code satisfies the conditions in the NPR 7150.2 requirement "a" through "l" for safety-critical and mission-critical software at each code inspection, test review, safety review, and project review milestone.

SWE-159 Task 2:
2. Assess the quality of the cybersecurity mitigation implementation testing and the test results.

SWE-190 Task 2:

2. Analyze the code coverage measurements to identify uncovered software code.

SWE-190 Task 3:
3. Assess any uncovered software code for potential risk, issues, or findings.

SWE-191 Task 3:
3. Identify any risks and issues associated with the regression test set selection and execution.

SWE-203 Task 2:

2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.

o   Test Witnessing

SWE-066 Task 2:

2. Perform test witnessing for safety-critical software.

8






















SA Status Reports

SWE-037 Task 2:
2. Participate in project milestones reviews.

SWE-039 Task 4:

4. Assess trade studies, source data, software reviews, and technical interchange meetings.

SWE-039 Task 6:
6. Develop and provide status reports.

SWE-134 Task 5:

5. Participate in software reviews affecting safety-critical software products.

SWE-143 Task 1:
1. Assess the results of or participate in software architecture review activities held by the project.

  •  List of SA Non-conformances, risks, issues, concerns (Non-Conformances =SA Findings, Discrepancies, PRs, Defects)

SWE-037 Task 2:
2. Participate in project milestones reviews.

SWE-039 Task 2:
2. Monitor product integration.

SWE-039 Task 7:
7. Develop and maintain a list of all software assurance review discrepancies, risks, issues, findings, and concerns.

SWE-054 Task 1:

1. Monitor identified differences among requirements, project plans, and software products and confirm differences are addressed and corrective actions are tracked until closure.

SWE-134 Task 5:

5. Participate in software reviews affecting safety-critical software products.

SWE-143 Task 1:
1. Assess the results of or participate in software architecture review activities held by the project.

SWE-191 Task 3:
3. Identify any risks and issues associated with the regression test set selection and execution.

SWE-199 Task 2:
2. Monitor and track any performance or functionality requirements that are not being met or are at risk of not being met.

  •  Results of any Analysis done in current phase

|

o   Verification Activities Analysis

SWE-034 Task 1: 
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-039 Task 3: 
3. Analyze the verification activities to ensure adequacy.

SWE-081 Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

o   Software Assurance Measurements & Analysis

SWE-090 Task 2:
2. Perform trending analyses on metrics (quality metrics, defect metrics) and report. 

SWE-093 Task 2:
2. Analyze software assurance measurement data.

SWE-200 Task 2:

2. Analyze software volatility metrics to evaluate requirements stability as an early indicator of project problems.

SWE-202 Task 4:

4. Maintain or access the number of software non-conformances at each severity level for each software configuration item.

 o   Root Cause Analysis

SWE-204 Task 1:

1. Perform or confirm that a root cause analysis has been completed on all identified high severity software non-conformances, and that the results are recorded and have been assessed for adequacy. 

SWE-204 Task 3:
3. Assess opportunities for improvement on the processes identified in the root cause analysis associated with the high severity software non-conformances. 

  •  Results of Assessments Done Since Last Report

See assessments listed below.

 o   Assessment of SA Plan

SWE-016 Task 1:
1. Assess that the software schedule satisfies the conditions in the requirement.

SWE-075 Task 1:

1. Assess the maintenance, operations, and retirement plans for completeness of the required software engineering and software assurance activities. 

SWE-151 Task 1:
1. Assess the project's software cost estimate(s) to determine if the stated criteria listed in "a" through "f" are satisfied.

 o   Assessment of SA Compliance w/ NASA-STD-8739.8

SWE-024 Task 1:
1. Assess plans for compliance with NPR 7150.2 requirements, NASA-STD-8739.8, including changes to commitments.

 o   Assessment of Software Engineering Plans

SWE-016 Task 1:
1. Assess that the software schedule satisfies the conditions in the requirement.

SWE-075 Task 1:

1. Assess the maintenance, operations, and retirement plans for completeness of the required software engineering and software assurance activities. 

SWE-086 Task 1:
1. Confirm and assess that a risk management process includes recording, analyzing, planning, tracking, controlling, and communicating all software risks and mitigation plans. 

SWE-146 Task 1:
1. Assess that the approach for the auto-generation software source code is defined, and the approach satisfies at least the conditions “a” through “g.”

SWE-151 Task 1:
1. Assess the project's software cost estimate(s) to determine if the stated criteria listed in "a" through "f" are satisfied.

 o   Assessment of SW Engineering Compliance w/ NPR 7150.2

SWE-024 Task 1:
1. Assess plans for compliance with NPR 7150.2 requirements, NASA-STD-8739.8, including changes to commitments.

SWE-079 Task 1:
1. Assess that a software configuration management plan has been developed and complies with the requirements in NPR 7150.2 and Center/project guidance.

SWE-139 Task 1:

1. Assess that the project's software requirements, products, procedures, and processes are compliant with the NPR 7150.2 requirements per the software classification and safety criticality for software.

 o   Assessment of CMMI Assessment Findings

SWE-032 Task 2:
2. Assess potential process-related issues, findings, or risks identified from the CMMI assessment findings.

 o   Assessment of Hazard Analyses and Reports

SWE-081 Task 2:

2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.

SWE-205 SA Task 2:
2. Assess that the hazard reports identify the software components associated with the system hazards per the criteria defined in NASA-STD-8739.8, Appendix A.

SWE-205 SA Task 3:
3. Assess that hazard analyses (including hazard reports) identify the software components associated with the system hazards per the criteria defined in NASA-STD-8739.8, Appendix A.

o   Assessment of Software Reviews results

SWE-034 Task 1:
1. Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-039 Task 4:
4. Assess trade studies, source data, software reviews, and technical interchange meetings.

SWE-143 Task 1:
1. Assess the results of or participate in software architecture review activities held by the project.

 o   Assessment of Risks in Acquisition vs Development Decisions

SWE-033 Task 3:
3. Assess any risks with acquisition versus development decision(s).

 o   Assessment of Accuracy of Severity-Level Application to Non-conformances

SWE-202 Task 2:
2. Assess the application and accuracy of the defined severity levels to software non-conformances.

 o   Assessments of Joint NASA/developer Audit Results

SWE-045 Task 1:
1. Participate in or assess the results from any joint NASA/developer audits. Track any findings to closure.

o   Assessments of Technical Interchange Meetings results

SWE-039 Task 4:
4. Assess trade studies, source data, software reviews, and technical interchange meetings.

 o   Assessment of Trade Studies and Source Data Results

SWE-039 Task 4:
4. Assess trade studies, source data, software reviews, and technical interchange meetings.

  •  Results of Audits Done Since Last Report

See Audit Reports

  •  Record of Corrective Action Closures

SWE-204 Task 4:
4. Perform or confirm tracking of corrective actions to closure on high severity software non-conformances.

9

Audit Reports


  •  Peer Review Process Audit Report

SWE-088 Task 3:
3. Perform audits on the peer-review process.

  •  Risk Management Process Audit Report

SWE-086 Task 2:
2. Perform audits on the risk management process for the software activities.

  •  Software Assurance Process Audit Report

SWE-022 Task 1:

1. Perform software assurance, software safety, and IV&V (if required) according to the software assurance and software safety standard requirements in NASA-STD-8739.8, Software Assurance and Software Safety Standard, and the Project’s software assurance plan.

SWE-032 Task 3:

3. Perform audits on the software development and software assurance processes.

  •  SW Development Processes and Practices Audit Report

SWE-032 Task 3:

3. Perform audits on the software development and software assurance processes.

SWE-039 Task 5:
5. Perform audits on software development processes and practices at least once every two years.

  •  Standards and Processes Audit Report

SWE-195 Task 1:
1. Perform audits on the standards and processes used throughout maintenance based on the software classification.

  •  Software Configuration Management Baseline and Process/Procedure Audit Report

SWE-077 Task 2:

2. Perform audits for all deliveries per the configuration management processes to verify that all products are being delivered and are the correct versions.

SWE-085 Task 2:

2. Perform audits on the project to ensure that the project follows defined procedures for deliverable software products.

  • Software Configuration Management Procedure Audit Report

SWE-082 Task 2:

2. Perform an audit against the configuration management procedures to confirm that the project follows the established procedures.

10

Objective Evidence

All SWEs

  • Records showing confirmations have been done*

All "Confirm" SASS Tasks. *See Confirmations topic for other confirmations.

 o   Software control activities

SWE-082 Task 1:
1. Confirm that software assurance has participation in software control activities.

  •  Approvals/sign-offs on deliveries

SWE-194 Task 5:

5. Confirm that the approved changes to be implemented and the defects to be resolved have been resolved. 

  •  SA Peer Review records

SWE-087 Task 3:
3. Perform peer reviews on software assurance and software safety plans.

3.1 Additional Guidance

Links to Additional Guidance materials for this subject have been compiled in the Relevant Links table. Click here to see the Additional Guidance in the Resources tab.

4. Resources

4.1 References

4.2 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN). 

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN. 

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool.  The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.

4.3 Additional Guidance

Additional guidance related to this requirement may be found in the following materials in this Handbook:

4.4 Center Process Asset Libraries

SPAN - Software Processes Across NASA
SPAN contains links to Center managed Process Asset Libraries. Consult these Process Asset Libraries (PALs) for Center-specific guidance including processes, forms, checklists, training, and templates related to Software Development. See SPAN in the Software Engineering Community of NEN. Available to NASA only. https://nen.nasa.gov/web/software/wiki  197

See the following link(s) in SPAN for process assets from contributing Centers (NASA Only). 



  • No labels