1. Requirements Mapping and Compliance Matrix
The rationale for the requirements is contained in this Handbook (NASA Software Engineering Handbook, NASA-HDBK-2203). Programs/Projects may substitute a matrix that documents their compliance with their particular Center's implementation of NPR 7150.2 039, if applicable. This topic contains a compliance matrix for the requirements organized by class and including a tailoring field for each requirement, tailoring rationale, and approval signature lines.
The Compliance Matrix documents the program/project's compliance or intent to comply with the requirements of NPR 7150.2 039 or justification for tailoring. The matrix lists:
- The unique requirement identifier.
- The section reference.
- The NPR 7150.2 039 requirement statement.
- The Technical Authority Level responsible for assessing a project's compliance matrices, tailoring, waivers, and deviations from requirements in NPR 7150.2.
- The requirement owner (the organization or individual responsible for the requirement).
- The applicability of the requirements in NPR 7150.2 to specific systems and subsystems within the Agency's investment areas, programs, and projects is determined through the use of the NASA-wide definition of software classes.
Use the following guidance, also included in the matrix, to interpret the contents of the compliance matrix included in this topic:
X - Indicates an invoked requirement by this NPR consistent with Software Classification (See SWE-139). May be tailored with Technical Authority approval (NPR 7150.2, Chapter 2.2).
Blank - Optional/Not invoked by NPR 7150.2.
X (not OTS) - Does not apply to Off the Shelf (OTS), Commercial Software.
Center Director - Center Director or the Center Director's designated Engineering Technical Authority or Center Director's designated Safety and Mission Assurance Technical Authority.
Each requirement in this Handbook also includes a graphical representation of its compliance matrix data:
Applicability Across Classes
Class A B C D E F Applicable?
Key: - Applicable | - Not Applicable
The compliance matrix contains references to notes, e.g., “(Note 2)” which are included here for reference. These notes are also included in the compliance matrix itself.
Note 1 - Project is required to meet this requirement to the extent necessary to satisfy safety critical aspects of the software. All Safety-critical software has to be classified as Class D or Higher (See Topic 7.2).
Note 2 - Applies to Class B software except for Class B software on NASA Class D payloads, as defined in NPR 8705.4 048. For Class B software, in lieu of a CMMI rating by a development organization, the project will conduct an evaluation, performed by a qualified evaluator selected by the Center Engineering Technical Authority, of the seven process areas listed in SWE-032 and mitigate any risk, if deficient. This exception is intended to be used in those cases in which NASA wishes to purchase a product from the "best of class provider," but the best of class provider does not have the required CMMI rating. When this exception is exercised, the Center Engineering Technical Authority should be notified.
Note 3 - For tailoring of NASA-STD-8739.8, the Software Assurance and Software Safety Standard, use the tailoring provided within those documents. They are both risk-based and Software Class based tailoring.
Note 4 - The Technical Authority implementation responsibilities for Class F software is at the NASA Headquarters Chief Information Officer (CIO) level, the Technical Authority implementation responsibilities for Class G and H is at the Center CIO organization level or at the level defined in the Center Technical Authority implementation plan. All Safety-critical software has to be classified as Class D or higher (See Topic 7.2).
The Software Classification Spreadsheet
To download the Software Classification Spreadsheet 443, please click the link below.
NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.
The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.