Tabsetup

	1. The Requirement
	1. The Requirement
1	2. Rationale
2	3. Guidance
3	4. Small Projects
4	5. Resources
5	6. Lessons Learned

Wiki Markup

{alias:SWE-085} {tabsetup:1. The Requirement|2. Rationale|3. Guidance|4. Small Projects|5. Resources|6. Lessons Learned} {div3:id=tabs-1} h1. 1. Requirements

Div

id	tabs-1

1. Requirements

4.1.7

The

project

shall

establish

and

implement

procedures

for

the

storage,

handling,

delivery,

release,

and

maintenance

of

deliverable

software

products.

h2. {color:#003366}{*}

1.1

Notes{*}{color} NPR

Notes

NPR 7150.2

does not include any notes for this requirement. h2. 1.2 Implementation Notes from Appendix D NPR 7150.2 does not include any notes for this requirement. h2. 1.3 Applicability Across Classes {applicable:asc=1\|ansc=1\|bsc=1\|bnsc=1\|csc=1\|cnsc=1\|dsc=1\|dnsc=p\|esc=1\|ensc=p\|f=1\|g=p|h=p|} {div3} {div3:id=tabs-2} h1. 2. Rationale Configuration management on a project ensures that software products, including code, associated documentation and software builds, are maintained in a manner that allows the project to reliably reproduce and track changes to these items.  Configuration management processes and controls provide the rigor and organization necessary for developers and their customers to have confidence that all changes to the code and documents are included in the released products.  It is important to ensure that what is delivered is created from the controlled repository.  Likewise, it is important that the released product is stored, maintained, and delivered following a repeatable, controlled process.  If a software product is intended to be released outside of a project, to another Center (not within the same project), to a contractor or to an entity outside of NASA, the project must follow release procedures documented in [NPR 2210.1|http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=2210&s=1C] or potentially become liable for violations of the [1958 Space Act|http://www.nasa.gov/offices/ogc/about/space_act1.html]. {div3} {div3:id=tabs-3} h1. 3. Guidance The [NASA Software Safety Standard|https://standards.nasa.gov/documents/detail/3314914] states that the "organization responsible for Software Configuration Management shall formally provide and document the release of safety-critical software." ^8^  As with other configuration management activities, the configuration management plan should include the plans and reference the procedures for software release management. When developing procedures for release management, all of the following should be addressed: * Preparation of the release package * Creation and delivery of the release package * Storage and maintenance of the release package Release management procedures may vary depending of the recipient of the release.  Internal releases, such as baselines released for testing, will most likely not require the same set of release activities and considerations as formal releases to external customers.  *{+}Preparation of the Release Package{+}* The STEP Level 2 Software Configuration Management and Data Management course taught by the Westfall Team{^}2^ provides a good list of release planning and scheduling activities. A checklist of activities to complete may be useful as part of the preparation to create the release package. A list of activities to consider includes: * Ensure the proper approvals have been documented and received, including:\* ** Software assurance - "Software assurance shall provide objective evidence to the project and NASA SMA of the software's readiness for operational release."^7^  Certification authority - "There shall be an official certification process established, documented, and conducted prior to the release of any safety-critical software for its intended operational use."^8^ ** Release authority -- Change Control Board (CCB) or other authorized "owner" * Ensure any required acceptance data package has been prepared (see the  [NASA Software Safety Guidebook|https://standards.nasa.gov/documents/detail/3315126]^9^ for typical content information), including the Version Description Document (VDD) (SWE-116) * Ensure all required configuration audits have been completed (SWE-084) * Ensure all approved deviations and waivers are documented * Ensure all change requests have been completed and verified * Ensure all documents and training materials are complete, including installation, customization and configuration documents, user and operator guides, and release notes * Ensure all legal issues such as licensing or export regulations are addressed, as applicable * Ensure any "ready to ship" reviews are completed * Ensure the all applicable portions of [NPR 2210.1|http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=2210&s=1C] have been completed, including the development of compliance matrices associated with [NPR 7150.2|http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=7150&s=2A], [NASA-STD-8739.8|https://standards.nasa.gov/documents/detail/3315130] and [NASA-STD-8719.13|https://standards.nasa.gov/documents/detail/3314914]. * Ensure all installation sites are prepared to receive and install the release, conducting any pre-installation visits as appropriate * Ensure required support personnel are trained and ready to address issues related to the installed release *{+}Creation and Delivery of the Release Package{+}* Procedures for creating the release package should be used once the preparation steps have been completed and it is time to create the release package.  Typically, there is a master copy of the release package and copies are distributed to customers.  Depending on center policy, the master may be created by the configuration management group and the copies created, packaged, and shipped by another group.  Whatever process is used should be clearly defined in the release management procedures. When developing those procedures, consider the following: * Identify the scope of the release, including the full set of configuration items that are to be included, their versions and revisions * Identify the tools to be used to create the release, including compilers and linkers * Identify the software to be used to create the release, including the operating system, macros, libraries * Identify software and tool options to be used (compiler options, environmental parameters) * Identify the procedures for creating the master copy of the release or reference them if captured elsewhere * Identify who generates the master copy of the release package * Document the format, layout, and media for the master * Document the verification process to confirm the master contains the proper configuration items * Identify the media to be used for the delivery copies * Document replication procedures to be used to generate copies of the master * Document verification procedures to be used to confirm the copies match the master (keep in mind that compilers can insert dates and times, so byte-by-byte compares should take this into account) * Document any virus checks that need to be run on the copies before delivery to the customer When developing procedures for delivery of the created package, consider the following: * Document whether the release is a full release, partial release which requires a previous full release to be installed first, or a patch; if all types will be used, procedures for creating and installing each should be created * Document delivery methods and procedures, including shipping methods, if required * Document security measures to be used when handling and shipping the release * Determine an installation schedule that works with the customer's schedule * Document responsibilities for performing installation and installation testing * Document responsibilities for configuring and/or customizing the installed software * Document plans to revert to an earlier release of the software, as applicable *{+}Storage and Maintenance of the Release Package{+}* As part of release management, the master should be safely and securely stored following documented procedures. When developing procedures for storing and maintaining the release package, consider the following: * Document the retention period; e.g., "master copies of code and documentation shall be maintained for the life of the software product" ([IEEE Standard for Software Configuration Management Plans|http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1502775&tag=1]^3^) * Document how to place the master into the configuration management system with its unique identifier * Document access restrictions * Document or reference any specific procedures for storing code and documentation for safety or security critical functions * Identify release records, such as the VDD, to be captured and stored with the release, as applicable \\ {panel} Consult center Process Asset Libraries (PALs) for center-specific guidance and resources related to managing deliverables and releases. {panel} Additional guidance related to configuration management of deliverable and releases may be found in the following related requirements in this handbook: | *SWE-079* | Develop CM Plan | | *SWE-081:* | Identify Software Configuration Management Items | | *SWE-083:* | Status Accounting | | *SWE-084:* | Configuration Audits | | *SWE-103* | Software Configuration Management Plan | \\ {div3} {div3:id=tabs-4} h1. 4. Small Projects Projects with limited budgets may choose to follow a common Center or project-level release management procedure rather than have separate procedures for each project.  Slight modifications may be required for each project, but the overall master process would not have to be developed or maintained on a per project basis. {div3} {div3:id=tabs-5} h1. 5. Resources # IEEE Computer Society, "[IEEE Guide to Software Configuration Management|http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=89631&tag=1]", IEEE STD 1042-1987, 1987.  This link requires an account on the NASA START (AGCY NTSS) system ([http://standards.nasa.gov|http://standards.nasa.gov/] ).  Once logged in, users can access Standards Organizations, IEEE and then search to get to authorized copies of IEEE standards. # STEP Level 2 Software Configuration Management and Data Management course, SMA-SA-WBT-204, [SATERN|https://saterninfo.nasa.gov/] (need user account to access SATERN courses). A SATERN user account is required to access this material. # IEEE Computer Society, "[IEEE Standard for Software Configuration Management Plans|http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1502775&tag=1]", IEEE STD 828-2005, 2005.  This link requires an account on the NASA START (AGCY NTSS) system ([http://standards.nasa.gov|http://standards.nasa.gov/] ).  Once logged in, users can access Standards Organizations, IEEE and then search to get to authorized copies of IEEE standards. # Flight and Ground Software Division, MSFC, "Software Development Process Description Document", EI32-OI-001, Revision R, 2010. # NASA Technical Standard, "[NASA Configuration Management (CM) Standard|https://standards.nasa.gov/documents/detail/3315133]", NASA-STD-0005, 2008. # [Checklist for Configuration Management|http://software.grc.nasa.gov/pilot/Processes%20and%20Checklists/SCM_CI_list.pdf], GRC. # NASA Technical Standard, "[NASA Software Assurance Standard|https://standards.nasa.gov/documents/detail/3315130]", NASA-STD-8739.8, 2004. # NASA Technical Standard, "[NASA Software Safety Standard|https://standards.nasa.gov/documents/detail/3314914]", NASA-STD-8719.13B, 2004. # NASA Technical Standard, "[NASA Software Safety Guidebook|https://standards.nasa.gov/documents/detail/3315126]", NASA-GB-8719.13, 2004. \\ h2. 5.1 Tools {panel} Tools relative to this SWE may be found in the table above.  If no tools are listed, none have been currently identified for this SWE.  You may wish to reference table XYZ in this handbook for an evolving list of these and other tools in use at NASA.  Note that this table should not be considered all-inclusive, nor is it an endorsement of any particular tool.  *Check with your Center to see what tools are available to facilitate compliance with this requirement*.  {panel} {div3} {div3:id=tabs-6} h2. 6. Lessons Learned There are currently no Lessons Learned listed for this requirement. {div3} {tabclose}

, NASA Software Engineering Requirements, does not include any notes for this requirement.

1.2 Applicability Across Classes

Classes D and Not Safety Critical, E and Not Safety Critical, G, and H are labeled with "P (Center)." This means that an approved Center-defined process which meets a non-empty subset of the full requirement can be used to achieve this requirement.

applicable

f	1
g	p
h	p
ansc	1
asc	1
bnsc	1
csc	1
bsc	1
esc	1
cnsc	1
dnsc	p
dsc	1
ensc	p

Div

id	tabs-2

2. Rationale

It is important to ensure that the delivered software is created from the controlled repository. Configuration management (CM) processes and controls provide the rigor and organization necessary for developers and their customers to have confidence that all changes to the code and documents are included in the released products. It is also important that the released product is stored, maintained, and delivered following a repeatable, controlled process. If a software product is intended to be released outside of a project, to another Center (not within the same project), to a contractor or to an entity outside of NASA, the project must follow release procedures documented in NPR 2210.1, Release of NASA Software, or potentially become liable for violations of the 1958 Space Act. Following NPR 2210.1 helps to identify and protect intellectual property contained in a software release and helps to ensure compliance with federal laws and export requirements (e.g., International Traffic in Arms Regulations (ITAR)).

Div

id	tabs-3

3. Guidance

NASA-STD-8719.13, NASA Software Safety Standard,

sweref

	271
	271

states that the "organization responsible for Software Configuration Management shall formally provide and document the release of safety-critical software."

sweref

	271
	271

As with other CM activities, the CM plan includes the plans and reference the procedures for software release management.

When developing procedures for release management, address all of the following:

Preparation of the release package.
Creation and delivery of the release package.
Storage and maintenance of the release package.

Release management procedures may vary depending of the recipient of the release. Internal releases, such as baselines released for testing, will most likely not require the same set of release activities and considerations as formal releases to external customers.

Preparation of the Release Package

The STEP (SMA (Safety and Mission Assurance) Technical Excellence Program) Level 2 Software Configuration Management and Data Management course taught by the Westfall Team

sweref

	343
	343

provides a good list of release planning and scheduling activities.

A checklist of activities to complete may be useful as part of the preparation to create the release package. A list of activities to consider includes:

Ensure the proper approvals have been documented and received, including:
- Software assurance - "Software assurance shall provide objective evidence to the project and NASA SMA of the software's readiness for operational release."
  sweref
  278
  278
- Certification authority - "There shall be an official certification process established, documented, and conducted prior to the release of any safety-critical software for its intended operational use."
  sweref
  271
  271
- Release authority – Change Control Board (CCB) or other authorized "owner."
Ensure any required acceptance data package has been prepared (see NASA-GB-8719.13, NASA Software Safety Guidebook,
sweref
276
276
for typical content information), including the Version Description Document (VDD) (SWE-116).
Ensure all required configuration audits have been completed (SWE-084).
Ensure all approved deviations and waivers are documented.
Ensure all change requests have been completed and verified.
Ensure all documents and training materials are complete, including installation and any special installation needs/support, customization and configuration documents, user and operator guides, and release notes.
Ensure all legal issues, such as licensing or export regulations (e.g., ITAR (International Traffic in Arms Regulations)), are addressed, as applicable.
Ensure any "ready to ship" reviews are completed.
Ensure all applicable portions of NPR 2210.1
sweref
373
373
have been completed, including the development of compliance matrices associated with NPR 7150.2
sweref
039
039
, NASA-STD-8739.8, Software Assurance Standard,
sweref
278
278
and NASA-STD-8719.13, NASA Software Safety Standard
sweref
276
276
.
Ensure all installation sites are prepared to receive and install the release, conducting any pre-installation visits as appropriate.
Ensure required support personnel are trained and ready to address issues related to the installed release.

Creation and Delivery of the Release Package

Procedures for creating the release package are used once the preparation steps have been completed and it is time to create the release package. Typically, there is a master copy of the release package and copies are distributed to customers. Depending on Center policy, the master may be created by the CM group and the copies created, packaged, and shipped by another group. Whatever process is used needs to be clearly defined in the release management procedures.

When developing those procedures, consider the following:

Identify the scope of the release, including the full set of configuration items (CIs) that are to be included, their versions and revisions.
Identify the tools to be used to create the release, including compilers and linkers.
Identify the software to be used to create the release, including the operating system, macros, libraries.
Identify software and tool options to be used (compiler options, environmental parameters).
Identify the procedures for creating the master copy of the release or reference them if captured elsewhere.
Identify who generates the master copy of the release package.
Document the format, layout, and media for the master.
Document the verification process to confirm the master contains the proper CI's.
Identify the media to be used for the delivery copies.
Document replication procedures to be used to generate copies of the master.
Document verification procedures to be used to confirm the copies match the master (keep in mind that compilers can insert dates and times, so byte-by-byte compares need to take this into account).
Document any virus checks that need to be run on the copies before delivery to the customer.
Document any testing to be performed at the customer site (e.g., regression testing).

When developing procedures for delivery of the created package, consider the following:

Document whether the release is a full release, partial release which requires a previous full release to be installed first, or a patch; if all types will be used, procedures for creating and installing each need to be created.
Document delivery methods and procedures, including shipping methods, if required.
Document security measures to be used when handling and shipping the release.
Determine an installation schedule that works with the customer's schedule.
Document responsibilities for performing installation and installation testing.
Document responsibilities for configuring and/or customizing the installed software.
Document plans to revert to an earlier release of the software, as applicable.

Storage and Maintenance of the Release Package

As part of release management, the master needs to be safely and securely stored following documented procedures. When developing procedures for storing and maintaining the release package, consider the following:

Document the retention period; e.g., "master copies of code and documentation shall be maintained for the life of the software product" (IEEE SA 1042-1987, IEEE Standard for Software Configuration Management
sweref
216
216
)
Document how to place the master into the CM system with its unique identifier.
Document access restrictions.
Document or reference any specific procedures for storing code and documentation for safety or security critical functions.
Identify release records, such as the VDD (Version Description Document), to be captured and stored with the release, as applicable.

Note
Consult Center Process Asset Libraries (PALs) for Center-specific guidance and resources related to managing deliverables and releases.

Additional guidance related to CM of deliverable and releases may be found in the following related requirements in this Handbook:

SWE-079	Develop CM Plan
SWE-081	Identify Software Configuration Management Items
SWE-083	Status Accounting
SWE-084	Configuration Audits
SWE-103	Software Configuration Management Plan

Div

id	tabs-4

4. Small Projects

Projects with limited budgets may choose to follow a common Center or project-level release management procedure rather than have separate procedures for each project. Slight modifications may be required for each project, but the overall master process would not have to be developed or maintained on a per project basis.

Div

id	tabs-5

5. Resources

refstable

toolstable

Div

id	tabs-6

6. Lessons Learned

There are currently no Lessons Learned identified for this requirement.

Content

Space Tools

Versions Compared

Old Version 3

New Version Current

Key

1. Requirements

1.1

Notes

1.2 Applicability Across Classes

2. Rationale

3. Guidance

4. Small Projects

5. Resources

6. Lessons Learned

Content

Space Tools

Page History

Versions Compared

Old Version 3

New Version Current

Key

1. Requirements

1.1

Notes

1.2 Applicability Across Classes

2. Rationale

3. Guidance

4. Small Projects

5. Resources

6. Lessons Learned