SWE-221 - OSMA NPR Appraisals

1. Requirements

The NASA Chief, SMA shall authorize appraisals against selected requirements in this NPR to check compliance.

1.1 Notes

NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.

1.2 History

SWE-221 - Used first in NPR 7150.2D

Rev | SWE Statement

Difference between A and B

Difference between B and C

Difference between C and D: First use of this SWE in D. In previous versions this was a will statement.

D | The NASA Chief, SMA shall authorize appraisals against selected requirements in this NPR to check compliance.

2. Rationale

The Headquarters' Office of Safety and Mission Assurance (OSMA) is responsible for promoting and monitoring software engineering, assurance, and safety practices throughout the agency. It achieves this in part by administering software requirements, policies, procedures, processes, statutes, and regulations. The Headquarters' OSMA uses continuing periodic oversight of compliance at the Centers and programs/projects to verify that this responsibility is being met.

NPR 7150.2 serves as the basis for compliance appraisals for software engineering, software assurance, software safety, and IV&V. The appraisal typically occurs during a QAAR audit of a project's or Center's processes and directives and thorough examinations of an official record. These audits are one of the tools used by the OSMA to provide oversight, maintain internal control, and review its operations.

While SWE-129 - OCE NPR Appraisals is written from the OSMA point of view, the requirement also contains an inherent Center role, i.e., participation in the OSMA audit activities. A Center's support of this SWE can be assessed by considering the extent of its preparations for and involvement in these OSMA audits and surveys.

3. Guidance

The Headquarters Office of Safety and Mission Assurance (OSMA) controls and maintains an audit process for use in periodic Center and project OCE compliance audits and surveys.  The OSMA compliance audits achieve several objectives. They are:

  • Review Center and specified NASA Headquarters organizations’ processes and infrastructure for compliance with OSMA requirements, policy, procedures, processes, statutes, and regulations.
  • Review specific program/project “files” for compliance with requirements, policy, procedures, processes, statutes, and regulations.
  • Identify systemic problems or deficiencies.
  • Recognize areas of excellence/best practices.
  • Receive Center feedback regarding modifications in Agency policy and requirements.

Currently, the OSMA audits focus on the following core elements:

  • The common framework for a unified program and project life cycle.
  • Program and project review structure.
  • Technical authority implementation.
  • Software risks.
  • Dissenting opinions and deviation/waiver process.
  • Software engineering, assurance, and safety management.
  • Systems engineering.
  • Lessons learned.
  • Technical standards.
  • Other.

In addition to NPR 7150.2, the Headquarters’ OSMA audits also include a review and appraisal of the products resulting from the use of the following documents, to the extent they involve software engineering:

  • NPD 7120.4E, NASA Engineering and Program/Project Management Policy. 257
  • NASA-STD-8739.8, Software Assurance and Software Safety Standard. 278

See also Topic 8.12 - Basics of Software Auditing.

3.1 Audit Responsibility

The NASA Organization

Section 4.13 Office of Safety and Mission Assurance

The Office of Safety and Mission Assurance provides policy direction, functional oversight, and assessment for all Agency safety, reliability, maintainability, and quality engineering and assurance activities and serves as a principal advisory resource for the Administrator and other senior officials on matters pertaining to safety and mission success.

Section 5.15 NASA Safety Center

Manages the audit, review, and assessment process for evaluating and ensuring conformance with Agency SMA requirements.

NASA Policy for Safety and Mission Success

Verify and validate the life cycle implementation of the SMA processes and any related safety and mission success requirements through ongoing surveillance of program, project, and contractor processes.

Safety and Mission Assurance (SMA) Audits, Reviews, and Assessments

The NSC AIO conducts audits, reviews, and assessments to verify each NASA Center's, Component Facility's, and the Jet Propulsion Laboratory’s (JPL’s) (a Federally-Funded Research and Development Center) implementation of, and compliance with, applicable Agency SMA requirements.

3.2 Audit Scope

  • Software Assurance and Software Safety Standard requirements, NASA-STD-8739.8
  • NASA Software Engineering Requirements, NPR 7150.2

See also SWE-004 - OCE Benchmarking, SWE-036 - Software Process Determination, SWE-126 - Tailoring Considerations, SWE-139 - Shall Statements

3.3 Audit Focus Areas

  • New standard requirements, including safety-critical software requirements and determination
  • Software assurance/safety requirements mapping matrix, review any tailored requirements
  • NPR 7150.2 requirements mapping matrix, review any tailored requirements
  • Software assurance and safety requirements analysis approach and activities
  • Software assurance/safety approach, plan, and resource allocations
  • Software assurance process audits
  • Metric and status reporting by software assurance/safety or planned by software assurance/safety
  • Software assurance/safety access to software products and data
  • Flow down and implementation approach for the mission cybersecurity requirements (focus on NPR 7150.2)
  • Use of and planned use of coding standards
  • Use of and planned use of tools
  • IV&V plan and communication, access to data, the interaction of the project with IV&V, IV&V interaction with the project
  • Software quality assessment approaches
  • Software risks, or known issues
  • Software hazards
  • Integrated testing approach and plans
  • Software engineering and software assurance/safety requirements flow down into contracts
  • Open-source software and reused software approach and plans
  • Software engineering and software assurance document management system

3.4 Requested Documentation (Provide what is currently available)

  • The current draft of the Software assurance plan
  • The current draft of the Software Management/Development Plan (provided)
  • Software assurance requirements mapping to the program standard(s)
  • Software engineering requirements, NPR 7150.2, mapping matrix
  • The lowest level of software requirements available at this time
  • IV&V Plan(s)
  • List of IV&V findings to date
  • Identified Software Hazards to date
  • Latest software engineering and software assurance status reports
  • Latest software engineering and software assurance metrics/measurements being provided and used
  • Any statements of work involving the acquisition of critical software development
  • Software test and verification plans
  • List of planned reuse or open-source software to be used
  • Coding standard(s)
  • Any identified Software Risks to date
  • List of the identified Software issues to date

See also Topic 7.18 - Documentation Guidance, 8.16 - SA Products.

Findings resulting from the audits are generally classified as strengths, weaknesses, observations, opportunities, and non-compliances. However, the audit team has a clear and overriding obligation to identify all items of non-compliance and items that adversely affect safety or quality. These items will be included in the final report. Significant issues are brought to the immediate attention of the surveyed organization's management via the survey manager. 

3.5 Additional Guidance

Additional guidance related to this requirement may be found in the following materials in this Handbook:

3.6 Center Process Asset Libraries

SPAN - Software Processes Across NASA
SPAN contains links to Center managed Process Asset Libraries. Consult these Process Asset Libraries (PALs) for Center-specific guidance including processes, forms, checklists, training, and templates related to Software Development. See SPAN in the Software Engineering Community of NEN. Available to NASA only.  197

See the following link(s) in SPAN for process assets from contributing Centers (NASA Only). 


4. Small Projects

No additional guidance is available for small projects.

5. Resources

5.1 References

5.2 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN). 

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN. 

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool.  The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.

6. Lessons Learned

There are currently no Lessons Learned identified for this requirement.
