Page History
| Excerpt | ||
|---|---|---|
| ||
NASA Procedural Requirements NPR 7150.2D - Approved 2022-03-08 - NASA Software Engineering Requirements. Full text of this NPR as taken from NODIS. Assembled from component pieces beneath this page. |
| NASA Procedural Requirements | NPR 7150.2D Effective Date: March 8, 2022 Expiration Date: March 8, 2027 |
|---|
...
| Note |
|---|
Note: The above statement alone is not sufficient to stipulate requirements for the contractor, grant recipient, or agreement. This NPR provides requirements for NASA contracts, grant recipients, or agreements to the responsible NASA project managers, contracting officers, and the contracting officers representatives that are made mandatory through contract clauses, specifications, or statements of work (SOWs) in conformance with the NASA Federal Acquisition Regulation (FAR) Supplement or by stipulating in the contracts, grants, or agreements which of the NPR requirements apply. |
| Include Page | ||||
|---|---|---|---|---|
|
| Include Page | ||||
|---|---|---|---|---|
|
c. For existing Class A through E programs and projects, the software engineering requirements of this NPR apply to their current and future phases as determined by the responsible Mission Directorate as approved by the NASA Chief Engineer (or as delegated).
d. For existing Class F programs and projects, the software engineering requirements of this NPR apply to their current and future phases as determined by the Center Chief Information Officer (CIO) and approved by the NASA CIO (or delegate).
e. This NPR can be applied to other NASA investments at the discretion of the responsible manager or the NASA Associate Administrator. This NPR is not retroactively applicable to software development, maintenance, operations, management, acquisition, and assurance activities started before the effective date of this NPR (i.e., existing systems and subsystems containing software for the International Space Station, Hubble, Chandra, etc.).
f. This NPR does not supersede more stringent requirements imposed by individual NASA organizations and other Federal Government agencies or by Federal law. This NPR applies to the complete software development life cycle, including software planning, development, testing, maintenance, retirement, operations, management, acquisition, and assurance activities. The requirements of this directive cover such software created, acquired, or maintained by NASA or for NASA to the extent specified or referenced in an appropriate contract, grant, or cooperative agreement. The applicability of these requirements to specific systems and subsystems within the Agency’s investment areas, programs, and projects is through the use of the NASA-wide definition of software classes, defined in Appendix D. Some projects may contain multiple software systems and software subsystems having different software classes. For this directive, software is defined in Appendix A, and includes software executing on processors embedded in programmable logic devices.
| Include Page | ||||
|---|---|---|---|---|
|
c. For existing Class A through E programs and projects, the software engineering requirements of this NPR apply to their current and future phases as determined by the responsible Mission Directorate as approved by the NASA Chief Engineer (or as delegated).
d. For existing Class F programs and projects, the software engineering requirements of this NPR apply to their current and future phases as determined by the Center Chief Information Officer (CIO) and approved by the NASA CIO (or delegate).
e. This NPR can be applied to other NASA investments at the discretion of the responsible manager or the NASA Associate Administrator. This NPR is not retroactively applicable to software development, maintenance, operations, management, acquisition, and assurance activities started before the effective date of this NPR (i.e., existing systems and subsystems containing software for the International Space Station, Hubble, Chandra, etc.).
f. This NPR does not supersede more stringent requirements imposed by individual NASA organizations and other Federal Government agencies or by Federal law.
g. In this NPR, all mandatory actions (i.e., requirements) are denoted by statements containing the term “shall,” followed by a software engineering (SWE) requirement number. The terms “may” or “can” denote discretionary privilege or permission, “should” denotes a good practice and is recommended but not required, “will” denotes expected outcome, and “are/is” denotes descriptive material.
h. In this NPR, all document citations are assumed to be the latest version unless otherwise noted.
P.3 AUTHORITY
a. The National Aeronautics and Space Act, as amended, 51 U.S.C. § 20113(a).
b. NPD 1000.0, NASA Governance and Strategic Management Handbook.
c. NPD 1000.3, The NASA Organization.
d. NPD 1000.5, Policy for NASA Acquisition.
e. NPD 7120.4, NASA Engineering and Program/Project Management Policy.
P.4 APPLICABLE DOCUMENTS AND FORMS
a. NPD 1210.2, NASA Surveys, Audits, and Reviews Policy.
b. NPD 1600.2, NASA Security Policy.
c. NPD 2091.1, Inventions Made By Government Employees.
d. NPD 2800.1, Managing Information Technology.
e. NPR 1600.1, NASA Security Program Procedural Requirements.
f. NPR 2800.2, Information and Communication Technology Accessibility.
g. NPR 2810.1, Security of Information Technology.
h. NPR 7120.5, NASA Space Flight Program and Project Management Requirements.
i. NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements.
j. NPR 7120.8, NASA Research and Technology Program and Project Management Requirements.
k. NPR 8705.2, Human-Rating Requirements for Space Systems.
l. NPR 8705.4, Risk Classification for NASA Payloads.
m. NPR 8715.3, NASA General Safety Program Requirements.
n. NASA-STD-1006, Space System Protection Standard.
o. NASA-STD-8739.8, Software Assurance and Software Safety Standard.
p. NASA-HDBK-2203, NASA Software Engineering Handbook.
P.5 MEASUREMENT/VERIFICATION
Implementation of this directive is defined as implementing all the identified processes, activities, and requirements in accordance with the software classification and approved software tailoring. Compliance with this NPR is verified by submission of the completed Requirements Mapping Matrix(ces) to responsible NASA officials, including any approved tailoring (see Appendix C) and by internal and external controls. Internal controls processes are defined in NPD 1200.1, NASA Internal Control. Internal controls include surveys, audits, and reviews conducted in accordance with NPD 1210.2, NASA Surveys, Audits, and Reviews Policy. External controls may include external surveys, audits, and reporting or contractual requirements.
P.6 CANCELLATION
a. NPR 7150.2C, NASA Software Engineering Requirements, dated August 02, 2019.
b. NASA Interim Directive 7150-113: NASA Interim Directive for Software License Management, dated June 13, 2017.
Chapter 1: Introduction
1.1 Overview
1.1.1 This directive imposes requirements on procedures, design considerations, activities, and tasks used to acquire, develop, maintain, operate, retire, and manage applicable software. This directive is a designed set of requirements for protecting the ’Agency’s investment in software engineering products and fulfilling our responsibility to the citizens of the United States (U.S.).
h. In this NPR, all document citations are assumed to be the latest version unless otherwise noted.
P.3 AUTHORITY
a. The National Aeronautics and Space Act, as amended, 51 U.S.C. § 20113(a).
b. NPD 1000.0, NASA Governance and Strategic Management Handbook.
c. NPD 1000.3, The NASA Organization.
d. NPD 1000.5, Policy for NASA Acquisition.
e. NPD 7120.4, NASA Engineering and Program/Project Management Policy.
P.4 APPLICABLE DOCUMENTS AND FORMS
a. NPD 1210.2, NASA Surveys, Audits, and Reviews Policy.
b. NPD 1600.2, NASA Security Policy.
c. NPD 2091.1, Inventions Made By Government Employees.
d. NPD 2800.1, Managing Information Technology.
e. NPR 1600.1, NASA Security Program Procedural Requirements.
f. NPR 2800.2, Information and Communication Technology Accessibility.
g. NPR 2810.1, Security of Information Technology.
h. NPR 7120.5, NASA Space Flight Program and Project Management Requirements.
i. NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements.
j. NPR 7120.8, NASA Research and Technology Program and Project Management Requirements.
k. NPR 8705.2, Human-Rating Requirements for Space Systems.
l. NPR 8705.4, Risk Classification for NASA Payloads.
m. NPR 8715.3, NASA General Safety Program Requirements.
n. NASA-STD-1006, Space System Protection Standard.
o. NASA-STD-8739.8, Software Assurance and Software Safety Standard.
p. NASA-HDBK-2203, NASA Software Engineering Handbook.
P.5 MEASUREMENT/VERIFICATION
Implementation of this directive is defined as implementing all the identified processes, activities, and requirements in accordance with the software classification and approved software tailoring. Compliance with this NPR is verified by submission of the completed Requirements Mapping Matrix(ces) to responsible NASA officials, including any approved tailoring (see Appendix C) and by internal and external controls. Internal controls processes are defined in NPD 1200.1, NASA Internal Control. Internal controls include surveys, audits, and reviews conducted in accordance with NPD 1210.2, NASA Surveys, Audits, and Reviews Policy. External controls may include external surveys, audits, and reporting or contractual requirements.
P.6 CANCELLATION
a. NPR 7150.2C, NASA Software Engineering Requirements, dated August 02, 2019.
b. NASA Interim Directive 7150-113: NASA Interim Directive for Software License Management, dated June 13, 2017.
Chapter 1: Introduction
1.1 Overview
1.1.1 This directive imposes requirements on procedures, design considerations, activities, and tasks used to acquire, develop, maintain, operate, retire, and manage applicable software. This directive is a designed set of requirements for protecting the ’Agency’s investment in software engineering products and fulfilling our responsibility to the citizens of the United States (U.S.).
1.1.2 The requirements in this directive have been extracted from industry standards and proven NASA experience in software engineering. Centers and software developers may show that many of the requirements are satisfied through existing programs, procedures, and processes.
1.1.3 The Agency makes significant investments in software engineering to support the Agency’s investment areas: Space Flight, Aeronautics, Research and Technology, Information Technology (IT), and Institutional Infrastructure. NASA ensures that programs, projects, systems, and subsystems that use software follow a standard set of requirements. One of the goals of this directive is to bring the Agency’s engineering and software development and management 1.1.2 The requirements in this directive have been extracted from industry standards and proven NASA experience in software engineering. Centers and software developers may show that many of the requirements are satisfied through existing programs, procedures, and processes.1.1.3 The Agency makes significant investments in software engineering to support the Agency’s investment areas: Space Flight, Aeronautics, Research and Technology, Information Technology (IT), and Institutional Infrastructure. NASA ensures that programs, projects, systems, and subsystems that use software follow a standard set of requirements. One of the goals of this directive is to bring the Agency’s engineering and software development and management communities together to optimize resources and talents across Center boundaries. For NASA to effectively communicate and work seamlessly across Centers, a common framework of generic requirements is needed. This directive fulfills this need for the Agency within the discipline of software engineering.
...
2.2 Principles Related to Tailoring Requirements
| Include Page | ||
|---|---|---|
|
|
| Include Page | ||||
|---|---|---|---|---|
|
2.2.3 In this directive, the phrase “the project manager shall...” means the roles and responsibilities of the project manager may be further delegated within the organization to the scope and scale of the system.
...
| Note |
|---|
Note: The request for relief from a requirement includes the rationale, a risk evaluation, and reference to all material that justifies supporting acceptance. The organization submitting the tailoring request informs the next higher level of involved management in a timely manner of the tailoring request. The dispositioning organization reviews the request with the other organizations that could be impacted or have a potential risk (i.e., to safety, quality, cybersecurity, health) with the proposed changes; and obtains the concurrence of those organizations. |
| Include Page | ||
|---|---|---|
|
|
2.2.7 The engineering, CIO, and SMA authorities shall review and agree with any tailored NPR 7150.2 requirements per the requirements mapping matrix authority column. [SWE-150]
...
