SWE-140 - Comply with Requirements

1. Requirements

Center Director, or designee, shall comply with the requirements in this directive that are marked with an “X” in Appendix C.

1.1 Notes

The responsibilities for approving changes in the requirements for a project are listed for each requirement in the requirement mapping matrix. When the requirement and software class are marked with an “X,” the projects will record the risk and rationale for any requirement that is not completely implemented by the project. The projects can document their related mitigations and risk acceptance in the approved Requirements Mapping Matrix. Project relief from the applicable cybersecurity requirements, Section 3.11, Software Cybersecurity, has to include an agreement from the SAISO or Center CISO, as designated by the SAISO. The NASA Agency CIO, or Center CIO designee, has institutional authority on all Class F software projects.

1.2 History

SWE-140 - Last used in rev NPR 7150.2D

Rev  SWE Statement

A 6.3.5 When the requirement and software class are marked with a "P (Center)," Centers and projects shall meet the requirement with an approved non-null subset of the "shall" statement (or approved alternate) for that specific requirement.

Difference between A and B

Removed the "P(Center)" designation along with updates made to Appendix D: Requirements Mapping Matrix

B Center Directors, or designees, shall comply with the requirements in this directive that are marked with an “X” in Appendix C.

Difference between B and C

No change 

C Center Director, or designee, shall comply with the requirements in this directive that are marked with an “X” in Appendix C.

Difference between C and D

No change

D Center Director, or designee, shall comply with the requirements in this directive that are marked with an “X” in Appendix C.

2. Rationale

Reduce the risk associated with software development and use on NASA projects. 

3. Guidance

3.1 Using the Compliance Matrix

The requirements marked with an “X” in Appendix C are Agency requirements to implement NASA’s policy as delineated in NPD 7120.4. These requirements are “a designed set of requirements for protecting the Agency's investment in software engineering products and to fulfill its responsibility to the citizens of the United States. ... For engineers to effectively communicate and work seamlessly among Centers, a common framework of generic requirements is needed.” Compliance with the requirements in NPR 7150.2 (SWEREF-083) ensures these goals are fulfilled.

NPR 7150.2 (SWEREF-083) establishes a baseline set of requirements to reduce software engineering risks on NASA projects and programs. Appendix C, Requirements Mapping Matrix, defines the default applicability of the requirements based on software classification and safety-criticality. Each project has unique circumstances, and tailoring can be employed to modify the requirements set as appropriate for the software engineering effort. Each project documents the tailoring in a compliance matrix (see SWE-125 - Requirements Compliance Matrix), including Technical Authority approved waivers and deviations. The project also captures in the compliance matrix any associated risks, risk mitigations, and rationale for requirements for which the project has received complete relief from the appropriate Technical Authorities (Engineering, Safety and Mission Assurance (SMA), and CIO (as required in NPR 7150.2)).

See also SWE-152 - Review Requirements Mapping Matrices regarding OCE review of matrices.

See also SWE-212 - NASA-STD-8739 Mapping Matrices regarding the mapping of SA tasks to NPR 7150.2 Requirements. 

3.2 Requests for Software Requirements Relief

Requests for software requirements relief (partial or complete relief) at either the Center or Headquarters Technical Authority level may be submitted by project managers in the streamlined form of a compliance matrix to the Technical Authority identified in Appendix C.  As part of the relief process, project managers obtain the required signatures from the responsible organizations and designated Technical Authorities (Engineering, Safety and Mission Assurance (SMA) and CIO (as required in the NPR 7150.2)). See also SWE-126 - Tailoring Considerations, SWE-139 - Shall Statements.

3.3 Requirements by Class

The Requirements Mapping Matrix in NPR 7150.2 uses an “X” to identify the requirements that are designated by the Agency to be applied for each software class. The identified requirements are required activities for the identified software classification and safety-criticality. Within the compliance matrix in Appendix C, there are both project and institutional requirements. The project requirements are requirements levied on the project managers specific to handling the development of software projects. The institutional requirements focus on how NASA does business and are independent of any particular program or project. These requirements are levied on NASA Headquarters (including the Office of the Chief Engineer, Office of Safety and Mission Assurance, and Mission Directors) and Center organizations because they directly affect mission success, address risks, or may impact other NASA programs, projects, processes, or procedures.

3.4 Institutional Requirements

Center Directors are responsible for institutional requirements (shown in Book B of this Handbook) and for ensuring that projects fulfill project requirements identified in Appendix C of NPR 7150.2. The Center Director or designee regularly reviews the compliance matrix to make sure that projects remain in compliance with their approved requirements set.

Downloadable compliance matrices for each class of software are available for NASA users in Topic 7.16 - Appendix C. Requirements Mapping and Compliance Matrix.

3.5 Additional Guidance

Additional guidance related to this requirement may be found in the following materials in this Handbook:

3.6 Center Process Asset Libraries

SPAN - Software Processes Across NASA
SPAN contains links to Center managed Process Asset Libraries. Consult these Process Asset Libraries (PALs) for Center-specific guidance including processes, forms, checklists, training, and templates related to Software Development. See SPAN in the Software Engineering Community of NEN. Available to NASA only. (SWEREF-197)

See the following link(s) in SPAN for process assets from contributing Centers (NASA Only). 

SPAN Links

4. Small Projects

No additional guidance is available for small projects. 

5. Resources

5.1 References

  • (SWEREF-083) NPR 7150.2D, Effective Date: March 08, 2022, Expiration Date: March 08, 2027. Contains link to full text copy in PDF format. Search for "SWEREF-083" for links to old NPR7150.2 copies.
  • (SWEREF-197) Software Processes Across NASA (SPAN) web site in NEN. SPAN is a compendium of Processes, Procedures, Job Aids, Examples and other recommended best practices.
  • (SWEREF-261) NPD 1000.0C, NASA Governance and Strategic Management Handbook, Effective Date: January 29, 2020, Expiration Date: January 29, 2025

5.2 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN). 

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN. 

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool.  The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.

6. Lessons Learned

6.1 NASA Lessons Learned

No Lessons Learned have currently been identified for this requirement.

6.2 Other Lessons Learned

No other Lessons Learned have currently been identified for this requirement.
