See edit history of this section
Post feedback on this section
- 1. The Requirement
- 2. Rationale
- 3. Guidance
- 4. Small Projects
- 5. Resources
- 6. Lessons Learned
- 7. Software Assurance
1. Requirements
4.6.3 The project manager shall complete and deliver the software product to the customer with appropriate records, including as-built records, to support the operations and maintenance phase of the software’s life cycle.
1.1 Notes
NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.
1.2 History
1.3 Applicability Across Classes
Class A B C D E F Applicable?
Key: - Applicable | - Not Applicable
2. Rationale
The ultimate goal of software development is to provide a product to the customer. Documentation must accompany that delivery to ensure proper understanding, use, and maintenance of the delivered product.
3. Guidance
3.1 Delivery Package
Typical contents of a software delivery package for a completed software project include the source files, executables (the product), a user's manual, and a version description document that describes the delivered product and contains procedures for creating executable software and modifying the software.
Suggestions for documentation contents are defined in 7.18 - Documentation Guidance of this Handbook. Open-source software licenses are also considered part of the delivery package and are reviewed by the Center's Chief of Patent/Intellectual Property Counsel before being accepted (SWE-027 - Use of Commercial, Government, and Legacy Software.) Other documentation considered for delivery as appropriate for the project and its software classification (SWE-020 - Software Classification) includes:
- Summary and status of all accepted Change Requests to the baselined Software Requirements Specifications.
- Summary and status of all major software capability change since baselining of the Software Design Documents.
- Summary and status of all major software tests (including development, verification, and performance testing).
- Summary and status of all Problem Report written against the software.
- Summary and status of all software requirements deviations and waivers.
- Summary and status of all software user notes.
- Summary and status of all quality measures historically and for this software.
Definition of openwork, if any. - Software configuration records define the verified and validated software, including requirements verification data (e.g., requirements verification matrix).
- The final version of the software documentation (5.12 - SUM - Software User Manual), including the final Software Version Description document(s).
- Summary and status of any open software-related risks.
In addition to the items listed in this requirement, consider the following items for the software delivery package:
- Certifications. 278
- Software safety plan. 271
- Hazard analyses. 271
- Safety-critical software development audit reports. 271
- Safety-related verification reports. 271
- Installation instructions, including a description of the hardware environment. 276
- Operational constraints, including environmental limitations. 276
- Configuration files. 276
- Project documentation (e.g., software development/management plan (SDP/SMP), assurance plan, software requirements specification (SRS), design documents, configuration management plan (CMP), test plan). 276
- Testing performed and the results of those tests. 276
- Training manuals 041, training agreements. 224
- Maintenance/service/support agreement, processes, procedures. 224
- Development environment (any specialized hardware and software needed to build the executable software during the maintenance phase).
- Hardware is needed to test the software if specialized hardware is needed (for maintenance).
See also Topic 5.16 - VDD - Version Description Document, SWE-063 - Release Version Description
Once the project team establishes the set of documentation to be delivered with the software, the team keeps documents up-to-date throughout the project life cycle to avoid any delivery delays. Near the end of the project life cycle, the team updates any inconsistent documentation to ensure it includes the information needed to maintain the software in the future.
Before software delivery, a check of the software is made to verify that it conforms as-built to its technical documentation. When mismatches occur this close to software delivery, the project team updates the documentation to match the delivered software before delivery to the customer. It is important to perform an audit before delivery to ensure that "all delivered products are complete, contain the proper versions, and that all discrepancies, openwork, and deviations and waivers are properly documented and approved." 278
See also SWE-075 - Plan Operations, Maintenance, Retirement,
3.2 Generating The Delivery Package
Both the delivered software and the delivered documentation are generated/pulled from the project's configuration management system (SWE-085 - Release Management) as a baseline to ensure the latest versions are delivered to the customer.
Delivery package contents from a contracted software provider need to be fully described in the contract to ensure the acquirer receives all critical information required to operate and maintain the software (see also SWE-042 - Source Code Electronic Access). Other contract considerations related to delivery include:
- Ownership and delivery of source code.
- Usage considerations for off-the-shelf (OTS) software.
- Delivery format, security. 273 and method for all deliverables.
- Acceptance criteria (SWE-034 - Acceptance Criteria).
See topic 7.03 - Acquisition Guidance in this Handbook for additional guidance regarding delivery for contracted software development.
3.3 Additional Guidance
Additional guidance related to this requirement may be found in the following materials in this Handbook:
3.4 Center Process Asset Libraries
SPAN - Software Processes Across NASA
SPAN contains links to Center managed Process Asset Libraries. Consult these Process Asset Libraries (PALs) for Center-specific guidance including processes, forms, checklists, training, and templates related to Software Development. See SPAN in the Software Engineering Community of NEN. Available to NASA only. https://nen.nasa.gov/web/software/wiki 197
See the following link(s) in SPAN for process assets from contributing Centers (NASA Only).
SPAN Links |
---|
4. Small Projects
No additional guidance is available for small projects.
5. Resources
5.1 References
- (SWEREF-041) NPR 7123.1D, Office of the Chief Engineer, Effective Date: July 05, 2023, Expiration Date: July 05, 2028
- (SWEREF-157) CMMI Development Team (2010). CMU/SEI-2010-TR-033, Software Engineering Institute.
- (SWEREF-197) Software Processes Across NASA (SPAN) web site in NEN SPAN is a compendium of Processes, Procedures, Job Aids, Examples and other recommended best practices.
- (SWEREF-216) IEEE STD IEEE 828-2012, 2012., NASA users can access IEEE standards via the NASA Technical Standards System located at https://standards.nasa.gov/. Once logged in, search to get to authorized copies of IEEE standards.
- (SWEREF-224) ISO/IEC 12207, IEEE Std 12207-2008, 2008. IEEE Computer Society, NASA users can access IEEE standards via the NASA Technical Standards System located at https://standards.nasa.gov/. Once logged in, search to get to authorized copies of IEEE standards.
- (SWEREF-271) NASA STD 8719.13 (Rev C ) , Document Date: 2013-05-07
- (SWEREF-273) NASA SP-2016-6105 Rev2,
- (SWEREF-276) NASA-GB-8719.13, NASA, 2004. Access NASA-GB-8719.13 directly: https://swehb-pri.msfc.nasa.gov/download/attachments/16450020/nasa-gb-871913.pdf?api=v2
- (SWEREF-278) NASA-STD-8739.8B , NASA TECHNICAL STANDARD, Approved 2022-09-08 Superseding "NASA-STD-8739.8A,
- (SWEREF-534) Public Lessons Learned Entry: 1024.
5.2 Tools
NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.
The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.
6. Lessons Learned
6.1 NASA Lessons Learned
A documented lesson from the NASA Lessons Learned database notes the following:
- International Space Station (ISS) Program/Command and Data Handling/Firmware Documentation (Firmware Documentation.) Lesson Number 1024 534: "NASA should ensure that all firmware code...is properly documented and archived for future reference. Further, NASA should ensure that it retains the rights to such software. Direction to deliver copies of the documentation (requirement, design, test, etc.) of the firmware controller software prepared as part of their software development process is being given to each vendor."
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
7. Software Assurance
7.1 Tasking for Software Assurance
7.2 Software Assurance Products
- Software Configuration Management Baseline and Process/Procedure Audit Report
- Confirmation that Task 1 has occurred.
- Configuration management audits with audit findings to verify delivery products.
- Configuration management process audits with findings, and issues identified.
Objective Evidence
- Version description documents for the software builds.
- Software assurance audit results.
- Software configuration management data.
7.3 Metrics
- # of Configuration Management Audits conducted by the project – Planned vs. Actual
- # of Non-Conformances per audit (including findings from process and compliance audits, process maturity)
- Trends of # of Non-Conformances from audits over time (Include counts from process and standards audits and work product audits.)
- # of Open vs. # Closed Audit Non-Conformances over time
- # of Compliance Audits planned vs. # of Compliance Audits performed
- # of software process Non-Conformances by life cycle phase over time
- # of Non-Conformances identified in release documentation (Open, Closed)
- # of software components (e.g., programs, modules, routines, functions, etc.) planned vs. # released in each build
- # of process Non-Conformances (e.g., activities not performed) identified by SA vs. # accepted by the project
- Trends of # Open vs. # Closed over time
See also Topic 8.18 - SA Suggested Metrics.
7.4 Guidance
Software assurance will confirm that:
- all the software planned for the delivery has been completed and
- all software has been tested and has successfully met the acceptance test criteria, verifying that all the capabilities as per the requirements are ready for operations and maintenance.
- the software includes all the approved changes and the changes have been tested,
- all defects approved for implementation are implemented and have been successfully tested (Where similar software exists elsewhere in the system being delivered, confirm that developers have checked to see that the defect does not exist in those places)
- all planned documentation for the build is completed and included with the delivery (user manuals, as-built documentation, operations manuals, build procedures or scripts, regression test sets with expected results, maintenance handbooks, etc.)
- delivery includes a list of any changes or defects that have not been implemented and their status (deferred to maintenance, accepted with a workaround, accepted as is)
- all other products needed for operations and maintenance are included in the delivery
To confirm that all the software has been successfully tested and meets the acceptance criteria, software assurance should perform or participate in a functional configuration audit (FCA). This confirms that all requirements for the build have been tested and have successfully passed. Software assurance should confirm that any changes or defects implemented in the software have also been successfully tested, including regression testing.
In some cases, the software system may be delivered with known defects or non-functional capabilities if those are documented in the delivery documentation and the customer has agreed to accept the system with those defects. If the system is being delivered with known defects, the software assurance personnel should highlight any risks that those defects cause in the system, particularly if there are risks to the safety, security, or reliability of the software system. If risks are severe enough in those areas, software assurance might consider recommending not delivering the system until those risks are addressed.
In order the confirm that all products are included in the delivery in the correct versions, including the as-built documentation and project records, a physical configuration audit (PCA) against the documentation defining the delivery items needs to be performed. Software assurance will either perform this audit or participate in the audit and will sign off that the delivery is complete (i.e., it contains all the items it is supposed to have, in their correct versions for the delivery). The delivery items will be defined in the project documentation defining the planned builds and deliveries. Recorded version numbers of the items for delivery will be in the project configuration management system recording the baseline version planned for the delivery. These versions are usually also listed in the delivery letter or version description document (see 5.16 - VDD - Version Description Document) which are part of the delivery package. Other items that might be necessary for the delivery package are mentioned in the software guidance section of the requirement.
These tasks can be accomplished by Software Assurance reviewing the results of the configuration audits. Every task that involves performing an audit should also clarify that all audit findings are promptly shared with the project and will be addressed in the handbook guidance.
7.5 Additional Guidance
Additional guidance related to this requirement may be found in the following materials in this Handbook:
0 Comments