Comment:
Migration of unmigrated content due to installation of a new plugin
Tabsetup
0
1. The Requirement
1
2. Rationale
2
3. Guidance
3
4. Small Projects
4
5. Resources
5
6. Lessons Learned
6
7. Software Assurance
Div
id
tabs-1
1. Requirements
Excerpt
3.5.1 The project manager shall classify each system and subsystem containing software in accordance with the highest applicable software classification definitions for Classes A, B, C, D, E, and F software in Appendix D.
1.1 Notes
The expected applicability of requirements in this directive to specific systems and subsystems containing software is determined through the use of the NASA-wide definitions for software classes in Appendix D in conjunction with the Requirements Mapping Matrix in Appendix C. These definitions are based on (1) usage of the software with or within a NASA system, (2) criticality of the system to NASA’s major programs and projects, (3) extent to which humans depend upon the system, (4) developmental and operational complexity, and (5) extent of the Agency’s investment.
1.2 History
Expand
title
Click here to view the history of this requirement: SWE-020 History
Include Page
SITE:SWE-020 History
SITE:SWE-020 History
1.3 Applicability Across Classes
Applicable c
a
1
b
1
csc
1
c
1
d
1
dsc
1
e
1
f
1
g
0
h
0
Div
id
tabs-2
2. Rationale
Classifying software provides essentially pre-tailoring of software engineering requirements, software safety requirements, software assurance requirements, and other software requirements for different types and levels of software. While every requirement may apply to the highest classification, not every requirement will apply to lower-level classifications.
Div
id
tabs-3
3. Guidance
Some projects may contain multiple systems and subsystems having different software classes. Appendix C in the NPR defines the default applicability of the requirements based on software classification and safety criticality. The applicability of NPR 7150.2 requirements is determined using the Requirements Mapping and Compliance Matrix in Appendix C of the NPR using the software class definitions in Appendix D of the NPR and the software’s safety criticality designation. Important to classification is the usage of the software with or within a NASA system, the criticality of the system to NASA’s major programs and projects, the extent to which humans depend upon the system, developmental and operational complexity, and the extent of the Agency’s investment.
Complete the classification of software as soon as it has been determined that a project includes software. Both the software development organization in conjunction with the project office and software assurance classify software and, as stated in the NPR 7150.2 note for this requirement, “Software management and software assurance must reach agreement on the classification of systems and subsystems. Disagreements are elevated via both the Engineering Technical Authority and Safety and Mission Assurance Technical Authority chains.”
When classifying software be sure to consider:
All software for the system or subsystem (classification may need to be assessed separately).
Swerefn
refnum
278
The purpose of the software.
How the software is intended to be used.
Relevance to major programs and projects.
Hardware controls.
Operations.
Interaction with humans.
Complexity (developmental and operational complexity is woven into the class definitions).
The risk to the project, Center, and Agency
Investment.
If a software component is determined to be safety-critical software, per the software safety-critical determination process defined in NASA-STD-8739.8, then the software component classification must be Software Class D or higher.
“Projects utilizing commercial, government, legacy, heritage, and MOTS software components typically take into consideration the importance of planning and managing the inclusion of those components into the project software... When software components use COTS applications (e.g., spreadsheet programs, database programs) within a NASA system/subsystem application, the software components typically are assessed and classified as part of the software subsystem in which they reside. Note that commercial, government, legacy, heritage, and MOTS software also have to meet the applicable requirements for each class of software.”
Swerefn
refnum
083
The commercial, government, legacy, heritage, and MOTS software components are verified and validated to the same level required to accept a similar developed software component for its intended use. The project needs to ensure that the COTS, MOTS, government off the shelf (GOTS), reused, and auto-generated code software components and data meet the applicable requirements in this directive and as assigned to its software classification as shown in Appendix C
Swerefn
refnum
083
.
The final classification of software occurs through a project agreement with the check performed by the Software Assurance organization. In the event of a conflict, the designated Software Engineering Technical Authority facilitates a resolution between the project and the Center Safety and Mission Assurance Organization, if possible. Note that software is not to be misclassified to reduce requirements on small or higher-risk missions. In these instances, a waiver request for reduced requirements submitted to the Engineering Technical Authority is the recommended course of action.
As a project progresses the software classification is revisited since design and usage decisions may be made which alter the original classification. The software classification should be reviewed and validated at each major project review or major change to determine if the existing classification is appropriate for the proposed use of the software in the system. For example, a research project may be so successful during development and testing that a decision is made to take the system out of the research laboratory and directly to the field for use in a real-world environment. This decision alters the software classification and, therefore, the engineering, safety, and assurance requirements associated with it.
NASA-Wide Software Classifications
Class A Human-Rated Space Software Systems
Class B Non-Human Space-Rated Software Systems or Large-Scale Aeronautics Vehicles
Class C Mission Support Software or Aeronautic Vehicles, or Major Engineering/Research Facility Software
Class D Basic Science/Engineering Design and Research and Technology Software
Class E Design Concept, Research, Technology, and General Purpose Software
Class F General Purpose Computing, Business, and IT Software
Notes: It is not uncommon for a project to contain multiple systems and subsystems having different software classes.
Definitions and examples for each software classification:
Class A: Human Rated Space Software Systems
a. Definition:
1. Human Space Flight Software Systems*: Ground and flight software systems developed or operated by or for NASA needed to perform a primary mission objective of human space flight and directly interact with human space flight systems. Limited to software required to perform "vehicle, crew, or primary mission function," as defined by software that is:
(a) Required to operate the vehicle or space asset (e.g., spacesuit, rover, or outpost), including commanding of the vehicle or asset.
(b) Required to sustain a safe, habitable1 environment for the crew.
(c) Required to achieve the primary mission objectives, or
(d) Required to directly prepare resources (e.g., data, fuel, power) that are consumed by the above functions.
*Includes software involving launch, on-orbit, in space, surface operations, entry, descent, and landing.
b. Examples:
Examples of Class A software (human-rated space flight) include, but are not limited to, the mission phases listed below.
1. During Launch:
Abort modes and selection; separation control; range safety; crew interface (display and controls); crew escape; critical systems monitoring and control; guidance, navigation, and control; and communication and tracking.
2. On-Orbit/In Space:
Extravehicular activity (EVA); control of electrical power; payload control (including suppression of hazardous satellite and device commands); critical systems monitoring and control; guidance, navigation, and control; life support systems; crew escape; rendezvous and docking; failure detection; isolation and recovery; communication and tracking; and mission operations.
1 Current standard that address habitability and environmental health, including atmospheric composition and pressure, air, and water quality and monitoring, acceleration, acoustics, vibration, radiation, thermal environment, combined environmental effects, and human factors, are documented in NASA-Standard-3001 Volume 1, Space Flight Human-System Standard: Crew Health, NASA-Standard-3001 Volume 2, Space Flight Human-System Standard: Human Factors, Habitability, and Environmental Health, FAA HFDS - Human Factors Design Standard.
3. On Ground:
Pre-launch and launch operations; Mission Control Center (and Launch Control Center) front-end processors; spacecraft commanding; vehicle processing operations; re-entry operations; flight dynamics simulators used for ascent abort calls; and launch and flight controller stations for human-crewed spaceflight.
4. Entry, Descent, and Landing (EDL):
Command and control; aero-surface control; power; thermal; fault protection; and communication and tracking.
5. Surface Operations:
Planet/lunar surface EVA and communication and tracking.
c. Exclusions:
Class A does not include:
1. Software that happens to fly in space but is superfluous to mission objectives (e.g., software contained in an iPod carried onboard by an astronaut for personal use); or
2. Software that exclusively supports aeronautics, research and technology, and science conducted without space flight applications; or
3. Systems (e.g., simulators, emulators, stimulators, facilities) are used to test Class A systems containing software in a development environment.
Class B: Non-Human Space Rated Software Systems or Large Scale Aeronautics Vehicles
a. Definitions:
1. Space Systems involve flight and ground software that should perform reliably to accomplish primary mission objectives or major function(s) in non-human space rated systems. Included is software involving launch, on-orbit, in space, surface operations, entry, descent, and landing. These systems are limited to software that is:
(a) Required to operate the vehicle or space asset (e.g., orbiter, lander, probe, flyby spacecraft, rover, launch vehicle, or primary instrument) such as commanding of the vehicle or asset;
(b) Required to achieve the primary mission objectives; or
(c) Required to directly prepare resources (data, fuel, power) that are consumed by the above functions.
2. Airborne Vehicles include large scale1 aeronautic vehicles unique to NASA in which the software:
(a) Is integral to the control of an airborne vehicle;
(b) Monitors and controls the cabin environment; or
(c) Monitors and controls the vehicle’s emergency systems.
This definition includes software for vehicles classified as “test,” “experimental,” or “demonstration” that meets the above definition for Class B software. Also included are systems in a test or demonstration where the software’s known and scheduled intended use is to be part of a Class A or B software system.
1 Large-scale (life-cycle cost exceeding $250M) fully integrated technology development system – see NPR 7120.8.
b. Examples:
Examples of Class B software include, but are not limited to:
1. Space, Launch, Ground, EDL, and Surface Systems:
Propulsion systems; power systems; guidance navigation and control; fault protection; thermal systems; command and control ground systems; planetary/lunar surface operations; hazard prevention; primary instruments; science sequencing engine; simulations that create operational EDL parameters; subsystems that could cause the loss of science return from multiple instruments; flight dynamics and related data; and launch and flight controller stations for non-human spaceflight.
2. Aeronautics Vehicles (Large Scale NASA Unique):
Guidance, navigation, and control; flight management systems; autopilot; propulsion systems; power systems; emergency systems (e.g., fire suppression systems, emergency egress systems, emergency oxygen supply systems, traffic/ground collision avoidance system); and cabin pressure and temperature control.
c. Exclusions:
Class B does not include:
1. Software that exclusively supports non-primary instruments on non-human space rated systems (e.g., the low-cost non-primary university supplied instruments); or
2. Systems (e.g., simulators emulators, stimulators, facilities) used in testing Class B systems containing software in a development environment; or
3. Software for NASA Class D payloads, as defined in NPR 8705.4.
Class C: Mission Support Software or Aeronautic Vehicles, or Major Engineering/Research Facility Software
a. Definitions:
1. Space Systems include the following types of software:
(a) Flight or ground software necessary for the science return from a single (non-primary) instrument;
(b) Flight or ground software used to analyze or process mission data;
(c) Other software for which a defect could adversely impact the attainment of some secondary mission objectives or cause operational problems;
(d) Software used for the testing of space assets;
(e) Software used to verify system requirements of space assets by analysis; or
(f) Software for space flight operations not covered by Class A or B software.
2. Airborne Vehicles include systems for non-large scale aeronautic vehicles in which the software:
(a) Is integral to the control of an airborne vehicle;
(b) Monitors and controls the cabin environment; or
(c) Monitors and controls the vehicle’s emergency system.
Also included are systems on an airborne vehicle (including large-scale vehicles) that acquire, store, or transmit the official record copy of flight or test data.
3. Major Engineering/Research Facility is systems that operate a major facility for research, development, test, or evaluation (e.g., facility controls and monitoring, systems that operate facility-owned instruments, apparatus, and data acquisition equipment).
4. Sounding Rockets and Sounding Rocket payloads.
5. Software for NASA Class D payloads, as defined in NPR 8705.4.
b. Examples:
Examples of Class C software include, but are not limited to:
1. Space Systems:
Software that supports prelaunch integration and test; mission data processing and analysis; analysis software used in trend analysis and calibration of flight engineering parameters; primary/major science data collection storage and distribution systems (e.g., Distributed Active Archive Centers); simulators, emulators, stimulators, or facilities used to test Class A, B, or C software in development; integration and test environments; software used to verify system-level requirements associated with Class A, B, or C software by analysis (e.g., guidance, navigation, and control system performance verification by analysis); simulators used for mission training; software employed by network operations and control (which is redundant with systems used at tracking complexes); command and control of non-primary instruments; ground mission support software used for secondary mission objectives, real-time analysis, and planning (e.g., monitoring, consumables analysis, mission planning); CubeSat mission software; SmallSat mission software; sounding rocket software and sounding rocket experiments or payload software; and all software on NASA Class D payloads, as defined in NPR 8705.4 to examples of Class C software.
2. Aeronautics Vehicles:
Guidance, navigation, and control; flight management systems; autopilot; propulsion systems; power systems; emergency systems (e.g., fire suppression systems, emergency egress systems, emergency oxygen supply systems, traffic/ground collision avoidance system); cabin pressure and temperature control; in-flight telescope control software; aviation data integration systems; automated flight planning systems and primary/major science data collection storage and distribution systems (e.g., Distributed Active Archive Centers); sounding rockets and sounding rocket experiments or payload software; flight software for free-flying unmanned aerial vehicles (UAVs) in public airspace or over-controlled ranges; Balloon Flight software and balloon flight experiment software, and all software on NASA Class D payloads, as defined in NPR 8705.4.
3. Major Engineering/Research Facility:
Major Center facilities; data acquisition and control systems for wind tunnels, vacuum chambers, and rocket engine test stands; ground-based software used to operate a major facility telescope; and major aeronautic applications facilities (e.g., air traffic management systems; high fidelity motion-based simulators).
c. Exclusions:
Class C does not include:
Systems unique to research, development, test, or evaluation activities in a major engineering/research facility or airborne vehicle in which the system is not part of the facility or vehicle and does not impact the operation of the facility or vehicle.
Class D: Basic Science/Engineering Design and Research and Technology Software
a. Definitions:
1. Basic Science/Engineering Design includes:
(a) Ground software that performs secondary science data analysis;
(b) Ground software tools that support engineering development;
(c) Ground software or software tools used for informal testing of software systems;
(d) Ground software tools that support mission planning or formulation;
(e) Ground software that operates a research, development, test, or evaluation laboratory (i.e., not a major engineering/research facility); or
(f) Ground software that provides decision support for non-mission critical situations.
2. Airborne Vehicle Systems include:
(a) Software whose anomalous behavior would cause or contribute to a failure of system function resulting in a minor failure condition for the airborne vehicle (e.g., DO-178B, “Class D”);
(b) Software whose anomalous behavior would cause or contribute to a failure of system function with no effect on airborne vehicle operational capability or pilot workload (e.g., DO-178B, “Class E”); or
(c) Ground software tools that perform research associated with airborne vehicles or systems.
3. Major Engineering/Research Facility related software includes research software that executes in a major engineering/research facility but is independent of the operation of the facility.
b. Examples:
Examples of Class D software include, but are not limited to:
1. Basic Science and Engineering Design:
Engineering design and modeling tools (e.g., computer-aided design and computer-aided manufacturing (CAD/CAM), thermal/structural analysis tools); project assurance databases (e.g., problem reporting, analysis, and corrective action system, requirements management databases); propulsion integrated design tools; integrated build management systems; inventory management tools; probabilistic engineering analysis tools; test stand data analysis tools; test stand engineering support tools; experimental flight displays evaluated in a flight simulator; forecasts and assimilated data products; and tools used to develop design reference missions to support early mission planning.
2. Airborne Vehicles:
Software tools for designing advanced human-automation systems; experimental synthetic-vision display; and cloud-aerosol light detection and ranging installed on an aeronautics vehicle; flight software for physically constrained UAVs such as UAVs on tethers, within cages, or used in indoor labs; and experimental UAV payloads with minor consequences of failure.
c. Exclusions:
Class D does not include:
1. Software that can impact primary or secondary mission objectives or cause loss of data that is generated by space systems;
2. Software that operates a major engineering/research facility;
3. Software that operates an airborne vehicle; or
4. Flight software (i.e., software that meets the flight portions of Class A, B, or C Software Classifications).
Class E: Design Concept, Research, Technology,and General Purpose Software
a. Definitions:
1. Software developed to explore a design concept or hypothesis but not used to make decisions for an operational Class A, B, or C system or to-be-built Class A, B, or C system.
2. Software used to perform minor analyses of science or experimental data. Class E software cannot be safety-critical software. If the software is classified as safety-critical software, then it has to be classified as Class D or higher.
3. A defect in Class E software may affect the productivity of a single user or small group of users but generally will not affect mission objectives or system safety.
4. Class E software runs in a general-purpose computing environment or a board top environment. Class E software does not support ground tests, flight tests, or operations.
b. Examples:
Examples of Class E software include, but are not limited to, parametric models to estimate performance or other attributes of design concepts; software to explore correlations between data sets; line of code counters; file format converters; and document template builders. Class E can include prototypes of flight and ground systems, developed at minimal cost, in the spirit of “exploring a design concept.” Once the design concept is demonstrated, and a program agrees to incorporate it for flight or ground operational use, or for an in-flight test of the technology, then the software should be upgraded to its appropriate classification, based on the operational (or in-flight test) use case. Class E software includes, but is not limited to, software such as word processing applications, spreadsheet applications, and presentation applications.
c. Exclusions:
Class E does not include:
1. Flight systems (i.e., software that meets the flight portions of Class A, B, C, or D Software Classifications);
2. Software developed by or for NASA to directly support an operational system (e.g., human-rated space system, robotics spacecraft, space instrument, airborne vehicle, major engineering/research facility, mission support facility, and primary/major science data collection storage and distribution systems);
3. Software developed by or for NASA to be flight-qualified to support an operating system;
4. Software that directly affects primary or secondary mission objectives;
5. Software that can adversely affect the integrity of engineering/scientific artifacts;
6. Software used in technical decisions concerning operational systems, or systems being developed for operation;
7. Software that has an impact on operational vehicles; or
8. Software that is safety-critical.
Business and Information Technology Infrastructure Software
Class F: General Purpose Computing, Business, and IT Software
a. Definition:
General-purpose computing Business and IT software used in support of the Agency, multiple Centers, multiple programs/projects, single Centers/projects, or locally deployed General Purpose Infrastructure To-Be Component of the NASA Enterprise Architecture. These software applications are generally used to support voice, a wide-area network, local area network, video, data Centers, business and IT application services (e.g., Finance, Logistics, Human Capital, Procurement), messaging and collaboration, and public Web. A defect in Class F software is likely to affect the productivity of multiple users across a single geographic location or several geographic locations and may affect mission objectives or system safety. Mission objectives can be cost, schedule, or technical objectives for any work that the Agency or a Center performs.
b. Examples:
Examples of Class F software include, but are not limited to, Agency-wide enterprise applications (e.g., WebTADS, SAP, eTravel, ePayroll, Business Warehouse), Center-specific software, or specific Web applications, including mobile applications; Agency-wide educational outreach software; software in support of the NASA-wide area network; and the NASA Web portal.
Panel
When questions arise regarding software classification, consult with the Engineering and SMA Technical Authorities (TAs).
Note
NASA users should consult Center Process Asset Libraries (PALs) for Center-specific guidance and resources related to classifying software.
NASA-specific software classification information and resources are available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
Additional guidance related to classifying software may be found in the following related requirement in this Handbook:
No additional guidance is available for small projects.
Div
id
tabs-5
5. Resources
5.1 References
refstable
Show If
group
confluence-users
Panel
titleColor
red
title
Visible to editors only
Enter the necessary modifications to be made in the table below:
SWEREFs to be added
SWEREFS to be deleted
SWEREFs called out in the text: 039, 278
SWEREFs NOT called out in text but listed as germane: 271, 332
5.2 Tools
Include Page
Tools Table Statement
Tools Table Statement
Div
id
tabs-6
6. Lessons Learned
6.1 NASA Lessons Learned
No Lessons Learned have currently been identified for this requirement.
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
Div
id
tabs-7
7. Software Assurance
Excerpt Include
SWE-020 - Software Classification
SWE-020 - Software Classification
7.1 Tasking for Software Assurance
Perform a software classification or concur with the engineering software classification of software per the descriptions in NPR 7150.2.
7.2 Software Assurance Products
Software Determination Classifications
Evidence of SA performed software classification and/or SA concurrence of project classification.
Note
title
Objective Evidence
Software classification level for the project's software products
Evidence of software assurance concurrence on the project software classification.
Expand
title
Definition of objective evidence
Include Page
SITE:Definition of Objective Evidence
SITE:Definition of Objective Evidence
7.3 Metrics
Percentage of total source code at each Software Classification (*organizational measure)
7.4 Guidance
An independent software assurance classification assessment is not required but can be done if needed by your center processes. Software engineering and software assurance must reach an agreement on the classification of systems and subsystems. Software assurance can just occur with the software engineering classification if they agree with the classification.
Some projects may contain multiple systems and subsystems having different software classes. Appendix C in the NPR defines the default applicability of the requirements based on software classification and safety criticality. The applicability of NPR 7150.2 requirements is determined using the Requirements Mapping and Compliance Matrix in Appendix C of the NPR using the software class definitions in Appendix D of the NPR and the software’s safety criticality designation. Important to classification is the usage of the software with or within a NASA system, the criticality of the system to NASA’s major programs and projects, the extent to which humans depend upon the system, developmental and operational complexity, and the extent of the Agency’s investment.
Complete the classification of software as soon as it has been determined that a project includes software. Both the software development organization in conjunction with the project office and software assurance classify software. As stated in the NPR 7150.2 note for this requirement, software engineering and software assurance must reach an agreement on the classification of systems and subsystems. Disagreements are elevated via both the Engineering Technical Authority and Safety and Mission Assurance Technical Authority chains.
When classifying software be sure to consider:
All software for the system or subsystem (classification may need to be assessed separately).
Swerefn
refnum
278
The purpose of the software.
How the software is intended to be used.
Relevance to major programs and projects.
Hardware controls.
Operations.
Interaction with humans.
Complexity (developmental and operational complexity is woven into the class definitions).
The risk to the project, Center, and Agency
Investment.
If a software component is determined to be safety-critical software, per the software safety-critical determination process defined in NASA-STD-8739.8
Swerefn
refnum
278
, then the software component classification must be Software Class D or higher.