188.8.131.52 Center Director, or designee, shall comply with the requirements in this directive that are marked with an “X” in Appendix C.
The responsibilities for approving changes in the requirements for a project are listed for each requirement in the requirement mapping matrix. When the requirement and software class are marked with an “X,” the projects will record the risk and rationale for any requirement that is not completely implemented by the project. The projects can document their related mitigations and risk acceptance in the approved Requirements Mapping Matrix. Project relief from the applicable cybersecurity requirements, section 3.11 Software Cybersecurity, has to include an agreement from the Center CIO or designee. The NASA Agency CIO, or Center CIO designee, has institutional authority on all Class F software projects.
The requirements marked with an “X” in Appendix C are Agency requirements to implement NASA’s policy as delineated in NPD 7120.4. These requirements are “a designed set of requirements for protecting the Agency's investment in software engineering products and to fulfill its responsibility to the citizens of the United States. ... For engineers to effectively communicate and work seamlessly among Centers, a common framework of generic requirements is needed.” Compliance with the requirements in NPR 7150.2 ensures these goals are fulfilled.
NPR 7150.2 establishes a baseline set of requirements to reduce software engineering risks on NASA projects and programs. Appendix C, Requirements Mapping Matrix, defines the default applicability of the requirements based on software classification and safety criticality. Each project has unique circumstances, and tailoring can be employed to modify the requirements set as appropriate for the software engineering effort. Each project documents the tailoring in a compliance matrix (see SWE-125), including Technical Authority approved waivers and deviations. The project also captures in the compliance matrix any associated risks, risk mitigations, and rationale for requirements for which the project has received complete relief by the appropriate Technical Authority.
Requests for software requirements relief (partial or complete relief) at either the Center or Headquarters Technical Authority level may be submitted by project managers in the streamlined form of a compliance matrix to the Technical Authority identified in Appendix C. As part of the relief process, project managers obtain the required signatures from the responsible organizations and designated Technical Authorities (Engineering, Safety and Mission Assurance (SMA), and CIO, as required in NPR 7150.2).
The Requirements Mapping Matrix in NPR 7150.2 uses an “X” to identify the requirements that are designated by the Agency to be applied for each software class. The identified requirements are required activities for the identified software classification and safety criticality. Within the compliance matrix in Appendix C, there are both project and institutional requirements. The project requirements are requirements levied on the project managers specific to handling the development of software projects. The institutional requirements focus on how NASA does business and are independent of any particular program or project. These requirements are levied on NASA Headquarters (including the Office of the Chief Engineer, Office of Safety Mission & Assurance, and Mission Directors) and Center organizations because they directly affect mission success, address risks, or may impact other NASA programs, projects, processes, or procedures.
Center Directors are responsible for institutional requirements (shown in Book B of this Handbook) and for ensuring that projects fulfill project requirements identified in Appendix C of NPR 7150.2. The Center Director or designee regularly reviews the compliance matrix to make sure that projects remain in compliance with their approved requirements set.
Downloadable compliance matrices for each class of software are available for NASA users in the Document Repository within the Software Engineering Community of Practice on the NASA Engineering Network (NEN).
Additional guidance related to requirements compliance may be found in the following related requirements in this Handbook: