Page History
...
| id | tabs-1 |
|---|
1. Requirements
2.2.10 The project shall implement software assurance per NASA-STD-8739.8, NASA Software Assurance Standard.
1.1 Notes
Software assurance activities occur throughout the life of the project. Engineering or the project may perform some of the actual analyses and activities. NASA's Safety and Mission Assurance organizations provide assurance that the products and processes are implemented according to the agreed upon plan(s). Software assurance is recommended on software activities and products, including solicitations, contract and memorandums of agreements, software plans, requirements, design, implementation, verification, validation, certification, acceptance, maintenance, operations, and retirement activities.
1.2 Applicability Across Classes
...
| f | 1 |
|---|---|
| g | 1 |
| h | 0 |
| ansc | 1 |
| asc | 1 |
| bnsc | 1 |
| csc | 1 |
| bsc | 1 |
| esc | 1 |
| cnsc | 1 |
| dnsc | 1 |
| dsc | 1 |
| ensc | 0 |
...
| id | tabs-2 |
|---|
2. Rationale
...
| id | tabs-3 |
|---|
3. Guidance
Software assurance activities begin during the initiation or pre-award phase of a project (before a Request for Proposal (RFP) is issued), continue through maintenance and retirement, and are performed by persons other than those carrying out the process or creating the product that is being assured.
Software assurance includes the disciplines of software quality, software safety, software reliability, software verification and validation (V&V), and independent V&V. All of these activities work together to ensure high quality products that operate safely. The amount of software assurance required for a project is based on the classification of the software SWE-020 and the safety criticality SWE-133 of the software.
...
To avoid misunderstandings and issues once the project has begun, the following software assurance items need to be considered for inclusion in the provider's contract:
- Access to provider processes and documentation, see SWE-040.
- Software assurance activities, meetings, reviews, etc. planned for the project.
- Standards and requirements for provider-performed software assurance activities.
- Software assurance metrics to be collected and reported by the software provider.
Use checklists, documented procedures, templates, etc. to ensure consistency among software assurance activities across projects.
| Note |
|---|
Consult Center Process Asset Libraries (PALs) for Center-specific guidance and resources related to software assurance. |
...
| id | tabs-4 |
|---|
4. Small Projects
Software assurance is required regardless of project size. Since NASA-STD-8739.8 defines roles, not individuals, projects with limited personnel resources, can use one person to fulfill multiple roles and perform multiple software assurance functions, as long as the proper independence for the specific requirement is maintained. In small project situations, sometimes it will be necessary for a project to have software assurance conducted by someone not on the project, but potentially from the same organization. This is not the preferred approach, but better than having no software assurance done at all.
...
| id | tabs-5 |
|---|
5. Resources
...
| toolstable |
|---|
...
| id | tabs-6 |
|---|
6. Lessons Learned
...
Software quality assurance implementation is a balancing activity that must be tailored as project appropriate.
...
Software quality assurance (SQA) must evaluate the process as well as the products.
...
There must be a software assurance plan.
...
Software quality assurance must span the entire software development life cycle.
...
Requirements are the birthplace of successful projects.
...
Software quality assurance does not equal testing.
"Too often project managers assume they have Quality Assurance since they are doing testing already, or believe they don't need quality assurance until testing. These are incorrect assumptions based on lack of experience, understanding and/or knowledge. From the aspect of quality assurance, the purpose of testing is to:
- Assure problems are documented, corrected, and used for process improvement.
- Assure problem reports are assessed for their validity.
- Assure reported problems and their associated corrective actions are implemented in accordance with customer approved solutions.
- Provide feedback to the developer and the user of problem status.
- Provide data for measuring and predicting Software Quality and Software Reliability."
...
Metrics are a necessity.
...
Safety and reliability are critical aspects of SQA.
...
Independent verification and validation (IV&V) is an important tool within SQA.
...
Hardware does not equal software!
...
Risk Management is not optional.
...
