...

1. Requirements

6.3.2 Each project with software components shall maintain a compliance matrix against requirements in this NPR, including those delegated to other parties or accomplished by contract vehicles.

1.1 Notes

Note: The compliance matrix documents the requirements that the project plans to meet and any approved waivers or deviations. The compliance matrix and compliance matrix updates should be submitted to the designated Center level Engineering Technical Authority for their records.

1.2 Applicability Across Classes

This requirement applies to all classes and safety criticalities.

...

...

3. Guidance

...

The software compliance matrix accounts for any approved waivers and deviations, including alternate requirements and general exclusions. For additional guidance associated with waivers and deviations see SWE-120, SWE-121, and SWE-126 . The compliance matrix has the additional feature of being usable by the program, project, or facility as a checklist to ensure coverage of all requirements applicable to the project.

...

The matrix typically is filled in with a description or identification of the document and section number or step that defines the method the project is using to comply with the requirement. There needs to be enough detail that an auditor can find the documentation to assess compliance at various points in the project life cycle.

Many projects contain software with requirements to be met by a combination of on-site workforce and external contractors. Contracts and agreements need to include the software requirements assigned to external development organizations consistent with the project's software compliance matrix. The compliance matrix template referred to above may need to be expanded to sufficiently capture the information about the software acquired by contract, e.g., prime contractor, subcontractor, listing of contractor-approved alternate requirements.

...

A well-formed compliance matrix entry will include:

• The requirement statement.
• Sufficient information to locate it in the controlling document.
• A listing of the revised or tailored requirement (see Guidance for SWE-140 for P(Center) requirements).
• An entry for the planned compliance demonstration activity.

The software development team typically enters into the matrix actual project evidence that demonstrates compliance as the project progresses. Often, this evidence is saved in a web- or server-based file or database in a central location that is available to the entire project team. In addition to project monitoring and control activities that capture the compliance matrix information and its updates within the project records, the information is also provided to the Center's software Engineering Technical Authority (ETA). This provision assures that the ETA is properly informed and takes appropriate action with respect to NASA's system of checks and balances in the areas of dissenting opinion, independent reviews, and compliance assessment. One of the things the TA routinely checks in compliance matrices is whether items marked "Not Applicable" are sufficiently justified. The project team develops the mechanics of the actual transmission of this information to the Center's ETA as a part of the overall project's planning activities.

...

5. Resources

...