2. APPLICABLE AND REFERENCE DOCUMENTS
2.1 Applicable Documents
The applicable documents are accessible via the NASA Technical Standards System at https://standards.nasa.gov or may be obtained directly from the Standards Developing Organizations or other document distributors.https://standards.nasa.gov or may be obtained directly from the Standards Developing Organizations or other document distributors.
2.1.1 Government Documents
| NPR 1400.1 | NASA Directives and Charters Procedural Requirements |
| NPR 7120.5 | NASA Space Flight Program and Project Management Requirements |
| NPR 7120.10 | Technical Standards for NASA Programs and Projects |
| NPR 7150.2 | NASA Software Engineering Requirements |
| NPR 8000.4 | Agency Risk Management Procedural Requirements NPR 8715.3 NASA General Safety Program Requirements |
| NASA-HDBK-2203 | NASA Software Engineering Handbook |
2.2 Reference Documents
The reference documents listed in this section are not incorporated by reference within this standard but may provide further clarification and guidance.
2.2.1 Government Documents
| NPD 2810.1 | NASA Information Security Policy |
| NPD 8720.1 | NASA Reliability and Maintainability Program Policy |
| NPR 1441.1 | NASA Records Management Program Requirements |
| NPR 2810.1 | Security of Information Technology |
| NPR 7123.1 | NASA Systems Engineering Processes and Requirements |
| NASA-STD-7009 | Standard for Models and Simulations |
| NASA-HDBK-8709.22 | Safety and Mission Assurance Acronyms, Abbreviations, and Definitions |
| NASA-HDBK-8739.23 | NASA Complex Electronics Handbook for Assurance Professionals |
| NASA-GB-8719.13 | NASA Software Safety Guidebook |
| NIST SP 800-40 | Creating a Patch and Vulnerability Management Program |
| NIST SP 800-53 | Security Controls and Assessment Procedures for Federal Information Systems and Organizations |
| NIST SP 800-70 | National Checklist Program for Information Technology products: Guidelines for Checklist Users and Developers |
| NIST SP 800-115 | Technical Guide to Information Security Testing and Assessment |
2.2.2 Non-Government Documents
| CMMI-DEV, V1.3 | Capability Maturity Model Integration (CMMI®) for Development, Version 1.3 |
| CMMI-DEV, V2.0 | CMMI® Development, Version 2.0 |
| IEEE 730-2014 | Institute of Electrical and Electronics Engineers (IEEE) Standard for Software Assurance Processes |
| IEEE 982.1-2005 | IEEE Standard Measures of the Software Aspects of Dependability, 8 November 2005 |
| IEEE 1012-2017 | IEEE Standard for System, Software, and Hardware Verification and Validation, 28 September 2017 |
| IEEE 1028-2008 | IEEE Standard for Software Reviews and Audits, 15 August 2008 |
| IEEE 1633-2016 | IEEE Recommended Practice on Software Reliability, 22 September 2016 |
| ISO 24765-2017 | System and Software Engineering – Vocabulary, Second Edition, |
2.3 Order of Precedence
2.3.1 This standard establishes requirements to implement a systematic approach to SA, Software Safety, and IV&V for software created, acquired, provided, or maintained by or for NASA but does not supersede nor waive established Agency requirements found in other documentation.
2.3.2 Conflicts between the Software Assurance and Software Safety Standard and other requirements documents will be resolved by the responsible SMA and engineering TA(ies), per NPR 1400.1, NASA Directives and Charters Procedural Requirements, and NPR 7120.10, Technical Standards for NASA Programs and Projects.
