bannerc
8.16 - SA Products

1. Introduction

This topic provides detailed information on the work products produced as a result of the performing the Software Assurance and Software Safety (SASS) tasks required in NASA-STD-8739.8. Each SASS task has been mapped to one or more of nine major SASS products or the product listed as "Objective Evidence". See Topic 8.15 - SA Tasking Checklist Tool for the mapping. Each of the major products has sub-products that may include suggested content, methodologies, and result recording. The “Objective Evidence” products prove that a required SASS task has been performed. (A more specific definition of “Objective Evidence” may be found in the “Objective Evidence” tab.)

Each major product has a detailed description and may include: 

  • Sub-products – Sub-products are often part of the major work product but may also be recorded separately. For example, a Software Assurance Plan may contain the Safety Plan or the Safety Plan may be a separate document.
  • Product Guidance – Approaches and guidance that may be used to produce the product. For example, an analysis product may include information on the various types of analysis methods that could be used to produce the product.
  • Content List - Minimum required content that comprise the product. The work product content for a particular project will depend on the project’s approved SASS Requirements Mapping Matrix (i.e., tailoring matrix), safety criticality, and software classification. If the SASS tasks in NASA-STD-8739.8 have been tailored out and approved, then the content associated with those tailored tasks would no longer be required for inclusion in the products. 

 1.1 The major SASS work products are:

  • Software Assurance Plan - Describes Software Assurance Plan content as well as sub-plans for Safety and Security 
  • IV&V Program Execution Plan - This is produced by the IV&V team and is not a software assurance or safety team responsibility.
  • Software Requirements Analysis - This section focuses on analysis techniques for assuring and improving requirements
  • Software Safety and Hazard Analysis (Only applicable for safety critical projects) - Under Construction –
  • Software Design Analysis  – Section focuses on analysis techniques for improving the design.
  • Source Code Quality Analysis - Section focuses on analysis techniques for determining and improving source code quality.
  • Testing Analysis - Under Construction –
  • Software Assurance Status Reports - Under Construction
  • Audit Results - Discusses required audits and provides information and resources for performing audits
  • Objective Evidence - This topic provides a definition with some examples of "objective evidence" and contains a listing of all the tasks in NPR-8739.8 where "objective evidence" is the product.

Choose the individual product titles to see the detailed information on each work product.


The chart in tab 2 of this topic lists the work products, sub-products and the approximate phasing schedule for the work products.


2. Product Schedules

     Currently under construction!

The following chart lists the major products with their sub-products and other details and provides the life cycle phase(s) where is product is typically developed. The SWE numbers associated with the SASS tasks that require the products are also listed. For the details of each task, see the chart in tab 3: Product/SASS task Mapping.

       

Work Product Schedules Chart

Key: D=Draft, P=Preliminary, B=Baseline, U=Update, F=Final, A=Anytime, X=All Phases

#

Product

  • Sub-Product

o   Sub-Product Details

PLN

REQ

DES

IMP

TST

DEL

SWEs

1

Software Assurance Plan

D

P

B

U

U

U

013, 016, 151


  • Software Safety Plan

D

P

B




013


  • Software Assurance Schedule

D

P

B

U

U

U

016, 046


  • SASS Requirements Mapping Matrix

D

P

B

U

U

U

013, 121, 125, SASS-09, SASS-10


  • Software Classification Determination

D

P

B




020

2

IV&V Program Execution Plan (Done by IV&V)


B

U

U

U

U

SWE-131, SASS-02

3

Software Requirements Analysis

D

B

U

U

U

F

034, 051, 080, 081, 184, 203

4

Software Safety and Hazard Analysis


P

B

U

U

F

034, 080, 081, 203, 205

5

Software Design Analysis



B

U

U

F

034, 057, 058, 080, 081, 134, 143, 203

6

Source Code Quality Analysis



D

P

B

U/F

034, 061, 080, 081, 134, 135, 158, 159, 185, 203, 207

7

Testing Analysis









  • Software Test Plan Analysis




D

P

B

F

034, 071, 080, 081, 203


  • Software Test Procedures Analysis




D

B

U/F

034, 065b, 071, 080, 081, 134, 159, 191, 203


  • Software Test Results Analysis





P

B/F

034, 080, 081,134, 159, 190, 191, 203


o   Test Witnessing Signatures





XX066

8

SA Status Reports

X

X

X

X

X

X

037, 039, 134, 143


  • List of SA Non-conformances, risks, issues, concerns (Non-conformances == SA Findings, Discrepancies, PRs, Defects)

D

U

U

U

U

U

037, 039, 054, 134, 143, 191, 199


  • Results of any Analysis done in current phase

X

X

X

X

X

X



o   Verification Activities Analysis

X

X

X

X

X

X

034, 039, 081


o   Software Assurance Measurements & Analysis

X

X

X

X

X

X

090, 093, 200, 202


o   Root Cause Analysis

A

A

A

A

A

A

204


  • Results of Assessments Done Since Last Report

X

X

X

X

X

X



o   Assessment of SA Plan

D

P

B

U

U

B/F

016, 075, 151


o   Assessment of SA Compliance w/ NASA-STD-8739.8

D

U

U

U

U

B/F

024


o   Assessment of Software Engineering Plans

D

P

B

U

U

B/F

016, 075, 086, 146, 151


o   Assessment of SW Engineering Compliance w/ NPR 7150.2

D

U

U

U

U

B/F

024, 079, 139


o   Assessment of CMMI Assessment Findings

A

A

A

A

A

A

032


o   Assessments of Hazard Analyses and Reports


P

B

U

U

F

081, 205


o   Assessments of Software Reviews results

D

U

U

U

U

B/F

034, 039, 143


o   Assessments of Risks in Acquisition vs Development Decisions

D

P

B




033


o   Assessments of Accuracy of Severity-Level Application to Non-Conformances

A

A

A

A

A

A

202


o   Assessments of Joint NASA/developer Audit Results

A

A

A

A

A

A

045


  • Results of Audits Done Since Last Report

A

A

A

A

A

A

See “Audit Results” work


  • Assessments of Technical Interchange Meetings results

D

U

U

U

U

B/F

039


  • Assessments of Trade Studies and Source Data Results

D

P

B




039


  • Project milestone reviews

X

X

X

X

X

X

037, 134, 143


  • Record of Corrective Action Closures

A

A

A

A

A

A

204

9

Audit Reports

A

A

A

A

A

A



  • Peer Review Process Audit Report

A

A

A

A

A

A

088


  • Risk Management Process Audit Report

A

A

A

A

A

A

086


  • Software Assurance Process Audit Report

A

A

A

A

A

A

022,032


  • SW Development Processes and Practices Audit Report

A

A

A

A

A

A

032,039


  • Standards and Processes Audit Report

A

A

A

A

A

A

195


  • Software Configuration Management Baseline and Process/Procedure Audit Report

A

A

A

A

A

A

077,085


  • Software Configuration Management Procedure Audit Report

A

A

A

A

A

A

082

10

Objective Evidence

X

X

X

X

X

X

All SWEs


  • Records showing confirmations have been done*

X

X

X

X

X

X



o   *See Confirmations topic for other confirmations

X

X

X

X

X

X

All "Confirm" SASS Tasks


o   Software control activities

X

X

X

X

X

X

082


  • Approvals/sign-offs on deliveries






X

094


  • SA Peer Review records

X

X

X




087


Key Definitions:

Draft: Product is in outline form with some content; Still has a lot of TBDs (To Be Determined).

Preliminary: Most content is there  but has not been  baselined yet.

Baseline: Product reviewed and all actions completed.

Anytime: Product could be generated at anytime.

3. Product/SASS Task Mapping

This chart lists all the products and sub-products required by NASA-STD-8739.8 and show the associated tasks relating to the products.


#

Product

  •  Sub-Product

o   Product Detail

Associated Tasks in NASA-STD-8739.8

1

Software Assurance Plan

SWE-013 Task 2: Develop a Software Assurance Plan following the content defined in NASA-HDBK-2203 for a software assurance plan, including software safety.

SWE-016 Task 2: Develop a software assurance schedule, including software assurance products, audits, reporting, and reviews.

SWE-151 Task 1e:  Assess the project's software cost estimate(s) to determine if the stated criteria listed in "a" through "f" are satisfied. 

e. Includes the cost of the required software assurance support.

  •  Software Safety Plan

SWE-013 Task 2: Develop a Software Assurance Plan following the content defined in NASA-HDBK-2203 for a software assurance plan, including software safety.

  •  Software Assurance Schedule

SWE-016 Task 2: Develop a software assurance schedule, including software assurance products, audits, reporting, and reviews.

SWE-046 Task 1: Confirm the project's schedules are updated.

  •  SASS Requirements Mapping Matrix

SWE-013 Task 2: Develop a Software Assurance Plan following the content defined in NASA-HDBK-2203 for a software assurance plan, including software safety.

SWE-121 Task 2: Develop a tailoring matrix of software assurance and software safety requirements.

SWE-125 Task 2: Maintain the requirement mapping matrix (matrices) for requirements in NASA-STD-8739.8.

SASS-09: The Center SMA TA shall review and agree with any tailored Software Assurance and Software Safety Standard requirements.

SASS-10: If a system or subsystem development evolves to meet a higher or lower software classification as defined in NPR 7150.2 then the software assurance, software safety, and IV&V organizations shall update their plan(s) to fulfill the applicable requirements per the Requirements Mapping Matrix and any approved changes, and initiate adjustments to applicable contracts to meet the modified requirements. 

  •  Software Classification Determination

SWE-020 Task 1: Perform a software classification or concur with the engineering software classification of software per the descriptions in NPR 7150.2.

2

IV&V Program Execution Plan (Done by IV&V)

SWE-131 Task 1: Confirm that the IV&V Program Execution Plan (IPEP) exists.

To be done by IV&V:

SASS-02: The IV&V Provider shall: b. Develop and negotiate with the project an IV&V Execution Plan documenting the activities, methods, level of rigor, environments, tailoring (if any) of these requirements, and criteria to be used in performing verification and validation of in-scope system/software behaviors (including responsible software components) determined by the planning and scoping effort.

3

Software Requirements Analysis

SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-051 Task 1: Perform a software assurance analysis on the detailed software requirements to analyze the software requirement sources and identify any incorrect, missing, or incomplete requirements.

SWE-080 Task 1: Analyze proposed software and hardware changes to software products for impacts, particularly to safety and security.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-184 Task 1: Analyze that the software requirements documentation contains the software related safety constraints, controls, mitigations, and assumptions between the hardware, operator, and the software.

SWE-203 Task 2: Assess the impact of non-conformances on the safety, quality, and reliability of the project software.

4

Software Safety and Hazard Analysis

SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-080 Task 1: Analyze proposed software and hardware changes to software products for impacts, particularly to safety and security.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-203 Task 2: Assess the impact of non-conformances on the safety, quality, and reliability of the project software.

SWE-205 Task 2: Assess that the hazard reports identify the software components associated with the system hazards per the criteria defined in NASA-STD- 8739.8, Appendix A.

SWE-205 Task 3: Assess that hazard analyses (including hazard reports) identify the software components associated with the system hazards per the criteria defined in NASA-STD- 8739.8, Appendix A.

SWE-205 Task 5: Develop and maintain a software safety analysis throughout the software development life-cycle.

5

Software Design Analysis

SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-057 Task 1: Assess that the software architecture addresses or contains the software structure, qualities, interfaces, and external/internal components.

SWE-057 Task 2: Analyze the software architecture to assess whether software safety and mission assurance requirements are met.

SWE-058 Task 1: Assess the software design against the hardware and software requirements and identify any gaps.

SWE-058 Task 2: Assess the software design to verify that the design is consistent with the software architectural design concepts and that the software design describes the lower-level units to be coded, compiled, and tested.

SWE-058 Task 3: Assess that the design does not introduce undesirable behaviors or unnecessary capabilities.

SWE-058 Task 5: Perform a software assurance design analysis.

SWE-080 Task 1: Analyze proposed software and hardware changes to software products for impacts, particularly to safety and security.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-134 Task 6: Analyze the software design to ensure:

a. Use of partitioning or isolation methods in the design and code,

b. That the design logically isolates the safety-critical design elements and data from those that are non-safety-critical.

SWE-143 Task 1:  Assess the results of or participate in software architecture review activities held by the project.

SWE-203 Task 2: Assess the impact of non-conformances on the safety, quality, and reliability of the project software.

6

Source Code Quality Analysis

SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-061 Task 1: Analyze that the software code conforms to all of the required software coding methods, rules, and principles.

SWE-080 Task 1: Analyze proposed software and hardware changes to software products for impacts, particularly to safety and security.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-134 Task 1: Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-134 Task 2: Assess that the source code satisfies the conditions in the NPR 7150.2 requirement "a" through "l" for safety-critical and mission-critical software at each code inspection, test review, safety review, and project review milestone.

SWE-135 Task 2: Assess that the project addresses the results from the static analysis tools used by software assurance, software safety, engineering, or the project.

SWE-158 Task 2: Perform static code analysis on the software or analyze the project's static code analysis tool results for cybersecurity vulnerabilities and weaknesses.

SWE-159 Task 2: Assess the quality of the cybersecurity mitigation implementation testing and the test results.

SWE-185 Task 1: Analyze the engineering data or perform independent static code analysis to verify that the code meets the project’s secure coding standard requirements.

SWE-203 Task 2: Assess the impact of non-conformances on the safety, quality, and reliability of the project software.

SWE-207 Task 1: Assess that the software coding guidelines (e.g., coding standards) includes secure coding practices.


7


Testing Analysis

See individual sub-products.

  • Software Test Plan Analysis


SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-071 Task 1: Analyze that software test plans and software test procedures cover the software requirements and provide adequate verification of hazard controls, specifically the off-nominal scenarios.

SWE-080 Task 1: Analyze proposed software and hardware changes to software products for impacts, particularly to safety and security.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-203 Task 2: Assess the impact of non-conformances on the safety, quality, and reliability of the project software.

  •  Software Test Procedures Analysis

SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-065b Task 2: Analyze the software test procedures for:

a. Coverage of the software requirements.

b. Acceptance or pass/fail criteria,

c. The inclusion of operational and off-nominal conditions, including boundary conditions,

d. Requirements coverage and hazards per SWE-66 and SWE-192, respectively.

SWE-071 Task 1: Analyze that software test plans and software test procedures cover the software requirements and provide adequate verification of hazard controls, specifically the off-nominal scenarios.

SWE-080 Task 1: Analyze proposed software and hardware changes to software products for impacts, particularly to safety and security.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-134 Task 1: Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-134 Task 2: Assess that the source code satisfies the conditions in the NPR 7150.2 requirement "a" through "l" for safety-critical and mission-critical software at each code inspection, test review, safety review, and project review milestone.

SWE-159 Task 2: Assess the quality of the cybersecurity mitigation implementation testing and the test results.

SWE-191 Task 3: Identify any risks and issues associated with the regression test set selection and execution.

SWE-203 Task 2: Assess the impact of non-conformances on the safety, quality, and reliability of the project software.

  •  Software Test Results Analysis


SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-080 Task 1: Analyze proposed software and hardware changes to software products for impacts, particularly to safety and security.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-134 Task 1: Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l."

SWE-134 Task 2: Assess that the source code satisfies the conditions in the NPR 7150.2 requirement "a" through "l" for safety-critical and mission-critical software at each code inspection, test review, safety review, and project review milestone.

SWE-159 Task 2: Assess the quality of the cybersecurity mitigation implementation testing and the test results.

SWE-190 Task 2: Analyze the code coverage measurements for uncovered software code.

SWE-190 Task 3: Assess any uncovered software code for potential risk, issues, or findings.

SWE-191 Task 3: Identify any risks and issues associated with the regression test set selection and execution.

SWE-203 Task 2: Assess the impact of non-conformances on the safety, quality, and reliability of the project software.

o   Test Witnessing

SWE-066 Task 2: Perform test witnessing for safety-criticality software.

8






















SA Status Reports

SWE-037 Task 2: Participate in project milestones reviews.

SWE-039 Task 6: Develop and provide status reports.

SWE-134 Task 7: Participate in software reviews affecting safety-critical software products.

SWE-143 Task 1: Assess the results of or participate in software architecture review activities held by the project.

  •  List of SA Non-conformances, risks, issues, concerns (Non-Conformances =SA Findings, Discrepancies, PRs, Defects)

SWE-037 Task 2: Participate in project milestones reviews.

SWE-039 Task 2: Monitor product integration.

SWE-039 Task 7: Develop and maintain a list of all software assurance review discrepancies, risks, issues, findings, and concerns.

SWE-054 Task 1: Monitor identified differences among requirements, project plans, and software products to confirm they are addressed.

SWE-134 Task 7: Participate in software reviews affecting safety-critical software products.

SWE-143 Task 1: Assess the results of or participate in software architecture review activities held by the project.

SWE-191 Task 3: Identify any risks and issues associated with the regression test set selection and execution.

SWE-199 Task 2: Monitor and track any performance or functionality requirements that are not being met or are at risk of not being met.

  •  Results of any Analysis done in current phase


o   Verification Activities Analysis

SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-039 Task 3: Analyze the verification activities to ensure adequacy.

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

o   Software Assurance Measurements & Analysis

SWE-090 Task 2: Perform trending and analyses on metrics (quality metrics, defect metrics) and report.

SWE-093 Task 2: Analyze software assurance measurement data collected.

SWE-200 Task 2: Analyze software volatility measures to evaluate requirements stability as an early indicator of project problems.

SWE-202 Task 4: Maintain or have access to the number of software non-conformances at each severity level for each software configuration item.

 o   Root Cause Analysis

SWE-204 Task 1: Perform or confirm that a root cause analysis has been completed on all identified high severity software non-conformances, the results are recorded, and that the results have been assessed for adequacy.

SWE-204 Task 3: Assess opportunities for process improvement on the processes identified in the root cause analysis associated with the high severity software non-conformances.

  •  Results of Assessments Done Since Last Report

See assessments listed below.

 o   Assessment of SA Plan

SWE-016 Task 1: Assess that the software schedule satisfies the conditions in the requirement.

SWE-075 Task 1: Assess the plans for maintenance, operations, and retirement for completeness of the required software engineering and software assurance activities.

SWE-151 Task 1: Assess the project's software cost estimate(s) to determine if the stated criteria listed in "a" through "f" are satisfied.

 o   Assessment of SA Compliance w/ NASA-STD-8739.8

SWE-024 Task 1: Assess plans for compliance with NPR 7150.2 requirements, NASA-STD-8739.8, including changes to commitments.

 o   Assessment of Software Engineering Plans

SWE-016 Task 1: Assess that the software schedule satisfies the conditions in the requirement.

SWE-075 Task 1: Assess the plans for maintenance, operations, and retirement for completeness of the required software engineering and software assurance activities.

SWE-086 Task 1: Confirm and assess that a risk management process includes recording, analyzing, planning, tracking, controlling, and communicating all of the software risks and mitigation plans.

SWE-146 Task 1: Assess that the approach for the auto-generation software source code is defined, and the approach satisfies at least the conditions “a” through “g.”

SWE-151 Task 1: Assess the project's software cost estimate(s) to determine if the stated criteria listed in "a" through "f" are satisfied.

 o   Assessment of SW Engineering Compliance w/ NPR 7150.2

SWE-024 Task 1: Assess plans for compliance with NPR 7150.2 requirements, NASA-STD-8739.8, including changes to commitments.

SWE-079 Task 1: Assess that a software configuration management plan has been developed and complies with the requirements in NPR 7150.2 and Center/project guidance.

SWE-139 Task 1: Assess that the software requirements, products, procedures, and processes of the project are compliant with the NPR 7150.2 requirements per the software classification and safety criticality for software.

 o   Assessment of CMMI Assessment Findings

SWE-032 Task 2: Assess potential process-related issues, findings, or risks identified from the CMMI assessment findings.

 o   Assessment of Hazard Analyses and Reports

SWE-081 Task 2: Assess that the software safety-critical items are configuration managed, including hazard reports and safety analysis.

SWE-205 Task 2: Assess that the hazard reports identify the software components associated with the system hazards per the criteria defined in NASA-STD- 8739.8, Appendix A.

SWE-205 Task 3: Assess that hazard analyses (including hazard reports) identify the software components associated with the system hazards per the criteria defined in NASA-STD- 8739.8, Appendix A.

o   Assessment of Software Reviews results

SWE-034 Task 1: Confirm software acceptance criteria are defined and assess the criteria based on guidance in the NASA Software Engineering Handbook, NASA-HDBK-2203.

SWE-039 Task 4: Assess trade studies, source data, software reviews, and technical interchange meetings.

SWE-143 Task 1: Assess the results of or participate in software architecture review activities held by the project.

 o   Assessment of Risks in Acquisition vs Development Decisions

SWE-033 Task 3: Assess any risks with acquisition versus development decision(s).

 o   Assessment of Accuracy of Severity-Level Application to Non-conformances

SWE-202 Task 2: Assess the application and accuracy of the defined severity levels to software non-conformances.

 o   Assessments of Joint NASA/developer Audit Results

SWE-045 Task 1: Participate in or assess the results from any joint NASA/developer audits. Track any findings to closure.

o   Assessments of Technical Interchange Meetings results

SWE-039 Task 4: Assess trade studies, source data, software reviews, and technical interchange meetings.

 o   Assessment of Trade Studies and Source Data Results

SWE-039 Task 4: Assess trade studies, source data, software reviews, and technical interchange meetings.

  •  Results of Audits Done Since Last Report

See Audit Reports

  •  Project milestone reviews

SWE-037 Task 2: Participate in project milestones reviews.

SWE-134 Task 7: Participate in software reviews affecting safety-critical software products.

SWE-143 Task 1: Assess the results of or participate in software architecture review activities held by the project.

  •  Record of Corrective Action Closures

SWE-204 Task 4: Perform or confirm tracking of corrective actions to closure on high severity software non-conformances.

9

Audit Reports


  •  Peer Review Process Audit Report

SWE-088 Task 3: Perform audits on the peer-review process.

  •  Risk Management Process Audit Report

SWE-086 Task 2: Perform audits on the risk management process for the software activities.

  •  Software Assurance Process Audit Report

SWE-022 Task 1: Perform according to the software assurance plan and the software assurance and software safety standard requirements in NASA-STD-8739.8.

SWE-032 Task 3: Perform audits on the software development and software assurances processes.

  •  SW Development Processes and Practices Audit Report

SWE-032 Task 3: Perform audits on the software development and software assurances processes.

SWE-039 Task 5: Perform audits on software development processes and practices at least once every two years.

  •  Standards and Processes Audit Report

SWE-195 Task 1: Perform audits on the standards and processes used throughout maintenance based on the software classification.

  •  Software Configuration Management Baseline and Process/Procedure Audit Report

SWE-077 Task 2: Perform audits on the configuration management processes to verify that all products are being delivered and are the correct versions.

SWE-085 Task 2: Perform audits on the project to ensure that the project is following defined procedures for deliverable software products.

  • Software Configuration Management Procedure Audit Report

SWE-082 Task 2: Perform an audit against the configuration management procedures to confirm that the project is following the established procedures.

10

Objective Evidence

All SWEs

  • Records showing confirmations have been done*

All "Confirm" SASS Tasks. *See Confirmations topic for other confirmations.

 o   Software control activities

SWE-082 Task 1: Confirm that software assurance has participation in software control activities.

  •  Approvals/sign-offs on deliveries

SWE-194 Task 5: Approve or sign-off on the projects delivered products.

  •  SA Peer Review records

SWE-087 Task 3: Perform peer reviews on software assurance and software safety plans.

4. Resources

4.1 References

4.2 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN). 

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN. 

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool.  The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.



  • No labels