See edit history of this section
Post feedback on this section
1. Introduction
This topic provides detailed information on the work products produced as a result of the performing the Software Assurance and Software Safety (SASS) tasks required in NASA-STD-8739.8 278. Each SASS task has been mapped to one or more of nine major SASS products or the product listed as "Objective Evidence". See Topic 8.15 - SA Tasking Checklist Tool for the mapping. Each of the major products has sub-products that may include suggested content, methodologies, and result recording. The “Objective Evidence” products prove that a required SASS task has been performed. (A more specific definition of “Objective Evidence” may be found in the “Objective Evidence” tab.) Check the Handbook entries for both the products and the objective evidence since the products are also objective evidence.
Each major product has a detailed description and may include:
- Sub-products – Sub-products are often part of the major work product but may also be recorded separately. For example, a Software Assurance Plan may contain the Safety Plan or the Safety Plan may be a separate document.
- Product Guidance – Approaches and guidance that may be used to produce the product. For example, an analysis product may include information on the various types of analysis methods that could be used to produce the product.
- Content List - Minimum required content that comprise the product. The work product content for a particular project will depend on the project’s approved SASS Requirements Mapping Matrix (i.e., tailoring matrix), safety criticality, and software classification. If the SASS tasks in NASA-STD-8739.8 278 have been tailored out and approved, then the content associated with those tailored tasks would no longer be required for inclusion in the products.
1.1 The major SASS work products are:
- 8.51 - Software Assurance Plan - Describes Software Assurance Plan content as well as sub-plans for Safety and Security
- 8.53 - IV&V Project Execution Plan - This is produced by the IV&V team and is not a software assurance or safety team responsibility.
- 8.54 - Software Requirements Analysis - This section focuses on analysis techniques for assuring and improving requirements
- 8.58 - Software Safety and Hazard Analysis - (Only applicable for safety-critical projects) - Under Construction –
- 8.55 - Software Design Analysis – Section focuses on analysis techniques for improving the design.
- 8.56 - Source Code Quality Analysis - Section focuses on analysis techniques for determining and improving source code quality.
- 8.57 - Testing Analysis - Discusses considerations for developing and evaluating test products (test plans, test procedures and test results)
- 8.52 - Software Assurance Status Reports - Contains recommended content for SA status reporting, including reporting details for analysis, assessments and audits.
- 8.59 - Audit Reports - Discusses required audits and provides information and resources for performing audits
- Objective Evidence - This topic provides a definition with some examples of "objective evidence" and contains a listing of all the tasks in NPR-8739.8 278 where "objective evidence" may be the only product.
Choose the individual product titles to see the detailed information on each work product.
The chart in tab 2 of this topic lists the work products, sub-products and the approximate phasing schedule for the work products.
1.2 Product Schedules
The following chart lists the major products with their sub-products and other details and provides the life cycle phase(s) where is product is typically developed. The SWE numbers associated with the SASS tasks that require the products are also listed. For the details of each task, see the chart in tab 3: Product/SASS task Mapping. Many products resulting from requirements/tasks are "objective evidence". These products are not included in the Tab 2 list of products, since there are numerous types of products that might result from these requirements/tasks.
Work Product Schedules Chart
Key: D=Draft, P=Preliminary, B=Baseline, U=Update, F=Final, A=Anytime, X=All Phases
# | Product
| PLN | REQ | DES | IMP | TST | DEL | SWEs |
---|---|---|---|---|---|---|---|---|
1 | Software Assurance Plan | D | P | B | U | U | U | 013, 016, 024. 022,151 |
| D | P | B | 013, 016, 024, 024, 151 | ||||
| D | P | B | U | U | U | 016, 046 | |
| D | P | B | U | U | U | 013, 121, 125, 176. Section 4.5.6 | |
| D | P | B | 020, 176 | ||||
2 | IV&V Program Execution Plan (Done by IV&V) | B | U | U | U | U | SWE-131, Section 4.4.2.2 | |
3 | Software Requirements Analysis | D | B | U | U | U | F | 034, 051, 080, 081, 184, 203 |
4 | Software Safety and Hazard Analysis | P | B | U | U | F | 034, 080, 081, 203, 205 | |
5 | Software Design Analysis | B | U | U | F | 034, 057, 058, 080, 081, 134, 143, 203 | ||
6 | Source Code Quality Analysis | D | P | B | U/F | 034, 061, 080, 081, 134, 135, 158, 159, 185, 203, 207,220 | ||
7 | Testing Analysis | |||||||
| D | P | B | F | 034, 071, 080, 081, 203 | |||
| D | B | U/F | 034, 065b, 071, 080, 081, 134, 159, 191, 203 | ||||
| P | B/F | 034, 080, 081,134, 159, 190, 191, 203 | |||||
o Test Witnessing Signatures | X | X | 066 | |||||
8 | SA Status Reports | X | X | X | X | X | X | 037, 039, 134, 143 |
| D | U | U | U | U | U | 037, 039, 054, 134, 143, 191, 199 | |
| X | X | X | X | X | X | ||
o Verification Activities Analysis | X | X | X | X | X | X | 034, 039, 081 | |
o Software Assurance Measurements & Analysis | X | X | X | X | X | X | 090, 093, 200, 202 | |
o Root Cause Analysis | A | A | A | A | A | A | 204 | |
| X | X | X | X | X | X | ||
o Assessment of SA Plan | D | P | B | U | U | B/F | 016, 075, 151 | |
o Assessment of SA Compliance w/ NASA-STD-8739.8 | D | U | U | U | U | B/F | 024 | |
o Assessment of Software Engineering Plans | D | P | B | U | U | B/F | 016, 075, 086, 146, 151 | |
o Assessment of SW Engineering Compliance w/ NPR 7150.2 | D | U | U | U | U | B/F | 024, 079, 139 | |
o Assessment of CMMI Assessment Findings | A | A | A | A | A | A | 032 | |
o Assessments of Hazard Analyses and Reports | P | B | U | U | F | 081, 205 | ||
o Assessments of Software Reviews results | D | U | U | U | U | B/F | 034, 039, 143 | |
o Assessments of Risks in Acquisition vs Development Decisions | D | P | B | 033 | ||||
o Assessments of Accuracy of Severity-Level Application to Non-Conformances | A | A | A | A | A | A | 202 | |
o Assessments of Joint NASA/developer Audit Results | A | A | A | A | A | A | 045 | |
| A | A | A | A | A | A | See “Audit Results” work | |
| D | U | U | U | U | B/F | 039 | |
| D | P | B | 039 | ||||
| X | X | X | X | X | X | 037, 134, 143 | |
| A | A | A | A | A | A | 204 | |
9 | Audit Reports | A | A | A | A | A | A | |
| A | A | A | A | A | A | 088 | |
| A | A | A | A | A | A | 086 | |
| A | A | A | A | A | A | 022,032 | |
| A | A | A | A | A | A | 032,039 | |
| A | A | A | A | A | A | 195 | |
| A | A | A | A | A | A | 077,085 | |
| A | A | A | A | A | A | 082 | |
10 | Objective Evidence | X | X | X | X | X | X | All SWEs |
| X | X | X | X | X | X | ||
o *See Confirmations topic for other confirmations | X | X | X | X | X | X | All "Confirm" SASS Tasks | |
o Software control activities | X | X | X | X | X | X | 082 | |
| X | 094 | ||||||
| X | X | X | 087 |
Draft: Product is in outline form with some content; Still has a lot of TBDs (To Be Determined).
Preliminary: Most content is there but has not been baselined yet.
Baseline: Product reviewed and all actions completed.
Anytime: Product could be generated at anytime.
1.3 Additional Schedules
Links to Additional Guidance materials for this subject have been compiled in the Relevant Links table. Click here to see the Additional Guidance in the Resources tab.
2. Product/SASS Task Mapping
This chart lists all the products and sub-products required by NASA-STD-8739.8 and show the associated tasks relating to the products.
# | Product
o Product Detail | Associated Tasks in NASA-STD-8739.8 |
1 | Software Assurance Plan | SWE-013 SA Task 2: SWE-016 SA Task 2: SWE-022 SA Task 1:
1. Perform software assurance, software safety, and IV&V (if required) according to the software assurance and software safety standard requirements in NASA-STD-8739.8, Software Assurance and Software Safety Standard, and the Project’s software assurance plan.
SWE-151 SA Task 1e: (SWE-151 1e. Includes the cost of the required software assurance support.) |
| SWE-013 SA Task 2: SWE-022 Task 1:
1. Perform software assurance, software safety, and IV&V (if required) according to the software assurance and software safety standard requirements in NASA-STD-8739.8, Software Assurance and Software Safety Standard, and the Project’s software assurance plan.
| |
| SWE-016 SA Task 2: SWE-046 SA Task 1: 1. Confirm the project's schedules, including the software assurance’s/software safety’s schedules, are updated.
| |
| SWE-013 SA Task 2: SWE-121 SA Task 2: SWE-125 SA Task 2: 2. Maintain the requirements mapping matrix (matrices) for requirements in NASA-STD-8739.8.
Req4.5.1:
4.5.1: The Center SMA TA shall review and agree with any tailored Software Assurance and Software Safety Standard requirements.
Req4.5.6: 4.5.6 If a system or subsystem development evolves to meet a higher or lower software classification defined in NPR 7150.2, the software assurance, software safety, and IV&V organizations shall update their plan(s) to fulfill the applicable requirements per the Requirements Mapping Matrix and any approved changes and initiate adjustments to applicable contracts to meet the modified requirements. | |
| SWE-020 SA Task 1: | |
2 | IV&V Program Execution Plan (Done by IV&V) | SWE-131 SA Task 1: 1. Confirm that the IV&V Project Execution Plan (IPEP) exists.
To be done by IV&V: Req4.4.2.2:
4.4.2.2 The IV&V provider shall develop and negotiate an IV&V IPEP with the project. Note: The IV&V Execution Plan (IPEP) documents the activities, methods, level of rigor, environments, tailoring (if any) of the IV&V requirements, and criteria to be used in performing verification and validation of in-scope system/software behaviors (including responsible software components) determined by the planning and scoping effort.
|
3 | Software Requirements Analysis | SWE-034 SA Task 1: SWE-051 SA Task 1: SWE-080 SA Task 1: SWE-081 SA Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-134 SA Task 1: 1. Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l." SWE-184 SA Task 1: 1. Analyze and confirm that the software requirements documentation contains the software related safety constraints, controls, mitigations, and assumptions between the hardware, operator, and the software.
SWE-203 SA Task 2: 2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.
|
4 | Software Safety and Hazard Analysis | SWE-034 SA Task 1: SWE-080 SA Task 1: SWE-081 SA Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-134 SA Task 1: 1. Analyze the software requirements and the software design and work with the project to implement NPR 7150.2 requirement items "a" through "l." SWE-135 SA Task 5: 5. Per SWE-219 for safety-critical software, verify code coverage and approved waivers. SWE-135 SA Task 6: 6. Per SWE-220 for safety-critical software, verify cyclomatic complexity and approved waivers. SWE-184 Task 1:
1. Analyze and confirm that the software requirements documentation contains the software related safety constraints, controls, mitigations, and assumptions between the hardware, operator, and the software.
SWE-203 SA Task 2: 2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.
SWE-205 SA Task 2: SWE-205 SA Task 3: SWE-205 SA Task 5: |
5 | Software Design Analysis | SWE-034 SA Task 1: SWE-057 SA Task 1: SWE-057 SA Task 2: SWE-058 SA Task 1: SWE-058 SA Task 2: SWE-058 SA Task 3: SWE-058 SA Task 5: SWE-080 SA Task 1: SWE-081 SA Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-134 SA Task 4: 4. Analyze the software design to ensure the following: a. Use of partitioning or isolation methods in the design and code, b. That the design logically isolates the safety-critical design elements and data from those that are non-safety-critical.
SWE-143 SA Task 1: SWE-203 SA Task 2: 2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.
|
6 | Source Code Quality Analysis | SWE-034 SA Task 1: SWE-061 SA Task 2: 2. Analyze that the software code conforms to all required software coding methods, rules, and principles.
SWE-080 SA Task 1: SWE-081 SA Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-134 Task 1: SWE-134 Task 2: SWE-135 Task 1:
1. Analyze the engineering data or perform independent static code analysis to check for code detects defects, software quality objectives, code coverage objectives, software complexity values, and software security objectives.
SWE-135 Task 3: 3. Assess that the project addresses the results from the static analysis tools used by software assurance, software safety, engineering, or the project.
SWE-159 Task 2: SWE-185 Task 1: SWE-203 Task 2: 2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.
SWE-207 Task 1: |
7 | Testing Analysis | See individual sub-products. |
| SWE-034 Task 1: SWE-071 Task 1: SWE-080 Task 1: SWE-081 Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-203 Task 2: 2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.
| |
| SWE-034 Task 1: SWE-065b Task 2: 2. Analyze the software test procedures for the following: a. Coverage of the software requirements. b. Acceptance or pass/fail criteria, c. The inclusion of operational and off-nominal conditions, including boundary conditions, d. Requirements coverage and hazards per SWE-066 and SWE-192, respectively. e. Requirements coverage for cybersecurity per SWE-157 and SWE-210.
SWE-071 Task 1: SWE-080 Task 1: SWE-081 Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-134 Task 1: SWE-134 Task 2: SWE-159 Task 2: SWE-191 Task 3: SWE-203 Task 2: 2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.
| |
| SWE-034 Task 1: SWE-080 Task 1: SWE-081 Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-134 Task 1: SWE-134 Task 2: SWE-159 Task 2: SWE-190 Task 2: 2. Analyze the code coverage measurements to identify uncovered software code.
SWE-190 Task 3: SWE-191 Task 3: SWE-203 Task 2: 2. Assess the impact of non-conformances on the project software's safety, quality, and reliability.
| |
o Test Witnessing | SWE-066 Task 2: 2. Perform test witnessing for safety-critical software.
| |
8 | SA Status Reports | SWE-037 Task 2: SWE-039 Task 4: 4. Assess trade studies, source data, software reviews, and technical interchange meetings. SWE-039 Task 6: SWE-134 Task 5:
5. Participate in software reviews affecting safety-critical software products.
SWE-143 Task 1: |
| SWE-037 Task 2: SWE-039 Task 2: SWE-039 Task 7: SWE-054 Task 1:
1. Monitor identified differences among requirements, project plans, and software products and confirm differences are addressed and corrective actions are tracked until closure.
SWE-134 Task 5:
5. Participate in software reviews affecting safety-critical software products.
SWE-143 Task 1: SWE-191 Task 3: SWE-199 Task 2: | |
| | | |
o Verification Activities Analysis | SWE-034 Task 1: SWE-039 Task 3: SWE-081 Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
| |
o Software Assurance Measurements & Analysis | SWE-090 Task 2: SWE-093 Task 2: SWE-200 Task 2: 2. Analyze software volatility metrics to evaluate requirements stability as an early indicator of project problems.
SWE-202 Task 4: 4. Maintain or access the number of software non-conformances at each severity level for each software configuration item.
| |
o Root Cause Analysis | SWE-204 Task 1: 1. Perform or confirm that a root cause analysis has been completed on all identified high severity software non-conformances, and that the results are recorded and have been assessed for adequacy.
SWE-204 Task 3: | |
| See assessments listed below. | |
o Assessment of SA Plan | SWE-016 Task 1: SWE-075 Task 1: 1. Assess the maintenance, operations, and retirement plans for completeness of the required software engineering and software assurance activities.
SWE-151 Task 1: | |
o Assessment of SA Compliance w/ NASA-STD-8739.8 | SWE-024 Task 1: | |
o Assessment of Software Engineering Plans | SWE-016 Task 1: SWE-075 Task 1: 1. Assess the maintenance, operations, and retirement plans for completeness of the required software engineering and software assurance activities.
SWE-086 Task 1: SWE-146 Task 1: SWE-151 Task 1: | |
o Assessment of SW Engineering Compliance w/ NPR 7150.2 | SWE-024 Task 1: SWE-079 Task 1: SWE-139 Task 1: 1. Assess that the project's software requirements, products, procedures, and processes are compliant with the NPR 7150.2 requirements per the software classification and safety criticality for software.
| |
o Assessment of CMMI Assessment Findings | SWE-032 Task 2: | |
o Assessment of Hazard Analyses and Reports | SWE-081 Task 2: 2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis.
SWE-205 SA Task 2: SWE-205 SA Task 3: | |
o Assessment of Software Reviews results | SWE-034 Task 1: SWE-039 Task 4: SWE-143 Task 1: | |
o Assessment of Risks in Acquisition vs Development Decisions | SWE-033 Task 3: | |
o Assessment of Accuracy of Severity-Level Application to Non-conformances | SWE-202 Task 2: | |
o Assessments of Joint NASA/developer Audit Results | SWE-045 Task 1: | |
o Assessments of Technical Interchange Meetings results | SWE-039 Task 4: | |
o Assessment of Trade Studies and Source Data Results | SWE-039 Task 4: | |
| See Audit Reports | |
| SWE-204 Task 4: | |
9 | Audit Reports | |
| SWE-088 Task 3: | |
| SWE-086 Task 2: | |
| SWE-022 Task 1: 1. Perform software assurance, software safety, and IV&V (if required) according to the software assurance and software safety standard requirements in NASA-STD-8739.8, Software Assurance and Software Safety Standard, and the Project’s software assurance plan.
SWE-032 Task 3: 3. Perform audits on the software development and software assurance processes.
| |
| SWE-032 Task 3: 3. Perform audits on the software development and software assurance processes.
SWE-039 Task 5: | |
| SWE-195 Task 1: | |
| SWE-077 Task 2:
2. Perform audits for all deliveries per the configuration management processes to verify that all products are being delivered and are the correct versions.
SWE-085 Task 2: 2. Perform audits on the project to ensure that the project follows defined procedures for deliverable software products.
| |
| SWE-082 Task 2: 2. Perform an audit against the configuration management procedures to confirm that the project follows the established procedures.
| |
10 | Objective Evidence | All SWEs |
| All "Confirm" SASS Tasks. *See Confirmations topic for other confirmations. | |
o Software control activities | SWE-082 Task 1: | |
| SWE-194 Task 5: 5. Confirm that the approved changes to be implemented and the defects to be resolved have been resolved.
| |
| SWE-087 Task 3: |
2.1 Additional Guidance
Links to Additional Guidance materials for this subject have been compiled in the Relevant Links table. Click here to see the Additional Guidance in the Resources tab.
3. Resources
3.1 References
[Click here to view master references table.]
- (SWEREF-083) NPR 7150.2D, Effective Date: March 08, 2022, Expiration Date: March 08, 2027 https://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=7150&s=2D Contains link to full text copy in PDF format. Search for "SWEREF-083" for links to old NPR7150.2 copies.
- (SWEREF-278) NASA-STD-8739.8B , NASA TECHNICAL STANDARD, Approved 2022-09-08 Superseding "NASA-STD-8739.8A,
3.2 Tools
NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.
The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.
3.3 Additional Guidance
Additional guidance related to this requirement may be found in the following materials in this Handbook:
Related Links |
---|
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
|
3.4 Center Process Asset Libraries
SPAN - Software Processes Across NASA
SPAN contains links to Center managed Process Asset Libraries. Consult these Process Asset Libraries (PALs) for Center-specific guidance including processes, forms, checklists, training, and templates related to Software Development. See SPAN in the Software Engineering Community of NEN. Available to NASA only. https://nen.nasa.gov/web/software/wiki 197
See the following link(s) in SPAN for process assets from contributing Centers (NASA Only).
Changes to make in 8.16: Copy from Site to SWEHBVD page
- copy from SITE page: tab 1.2 and 1.3 copied into tab 1 of SWEHBVD page
- Save and confirm that sticky works
- In SWEHBVD page,
- Remove tab 2
- Rename tabs 3 and 4 to 2 and 3
- Renumber tabs appropriately
- Fix tablink2 macros
- Verify that SWEHBVD page looks and works like SITE page
0 Comments