Content updates needed on this page:

Update tabs as necessary
Update References as necessary
Update Lessons Learned as necessary
Update space code in macros and links as needed - none - 11/23
Recopy from SWEHBVC when ready - DONE 3/23/2022 FDH
Update the links to SAANALYSIS in tab 7 of the following requirements SWE-050, SWE-051, SWE-192. Should link to 8.16, Software Requirements Analysis - DONE 3/23/2022 FDH
Correct link to Software Requirements Analysis (was linked to SWE- 51 Software Requirements Analysis) -Done SHG
Need to update tasks in Tab 3 for NASA-STD-8739.8Bc
Changed the name of "Software Architecture Review Checklist" to "Preparing for a Software Architecture Review" Uploaded new file, but old file is still in images. There are 3 of these SARB checklists–We need to be careful about the names
Added new Check lists for SA Design (8.16): Need to make into PATS as follows: PAT 29: Software Architecture Review Board Checklist; PAT 30: SARB Checklist with Guidance; PAT 31: Critical Design Analysis Checklist Files have been attached to Tab 2 in 8.16, but PAT images not made.
Tab 3 some tasks are not in 8729..8B, or were taken from the SWEHBVC version of SWEs. Is this a typo?
Tab 3 has been updated (in Version D) to match the approved version of NASA-STD-8739.8. A few products had additional tasks added, Many task numbers changed with the new Standard, and all of those have been updated with the changed task numbers and corresponding text. Those tasks that previously had SASS numbers now appear in the table with the section number where they appear in the revised Standard. (These tasks/requirements do not have corresponding SWE numbers).
Tab 3 has been updated for products resulting from the additional requirements in NPR 7150.2D or NASA-STD-8739,8
Products from many of the requirements/tasks are "objective evidence." Objective evidence products are not included in the Tab 2 matrix.
Numbering of Work Products starting with "8.51 - Software Assurance Plan". - 7/18/2023 - FDH
Moved Product Schedules section to tab 1 and renumbered tabs 3 and 4 to 2 and 3. Implemented Sticky Headers.

1. Introduction

Provides information for the major software assurance and safety work products resulting from the performance of the Software Assurance and Software Safety (SASS) tasks required in the NASA Software Assurance and Software Safety Standard, NASA-STD-8739.8. Each product’s section may include sub-products, potential analysis methods/technologies, and suggested content for capturing and reporting on the product activities.

This topic provides detailed information on the work products produced as a result of the performing the Software Assurance and Software Safety (SASS) tasks required in NASA-STD-8739.8 . Each SASS task has been mapped to one or more of nine major SASS products or the product listed as "Objective Evidence". See Topic 8.15 - SA Tasking Checklist Tool for the mapping. Each of the major products has sub-products that may include suggested content, methodologies, and result recording. The “Objective Evidence” products prove that a required SASS task has been performed. (A more specific definition of “Objective Evidence” may be found in the “Objective Evidence” tab.) Check the Handbook entries for both the products and the objective evidence since the products are also objective evidence.

Each major product has a detailed description and may include:

Sub-products – Sub-products are often part of the major work product but may also be recorded separately. For example, a Software Assurance Plan may contain the Safety Plan or the Safety Plan may be a separate document.
Product Guidance – Approaches and guidance that may be used to produce the product. For example, an analysis product may include information on the various types of analysis methods that could be used to produce the product.
Content List - Minimum required content that comprise the product. The work product content for a particular project will depend on the project’s approved SASS Requirements Mapping Matrix (i.e., tailoring matrix), safety criticality, and software classification. If the SASS tasks in NASA-STD-8739.8 have been tailored out and approved, then the content associated with those tailored tasks would no longer be required for inclusion in the products.

1.1 The major SASS work products are:

8.51 - Software Assurance Plan - Describes Software Assurance Plan content as well as sub-plans for Safety and Security
8.53 - IV&V Project Execution Plan - This is produced by the IV&V team and is not a software assurance or safety team responsibility.
8.54 - Software Requirements Analysis - This section focuses on analysis techniques for assuring and improving requirements
8.58 - Software Safety and Hazard Analysis - (Only applicable for safety-critical projects) - Under Construction –
8.55 - Software Design Analysis – Section focuses on analysis techniques for improving the design.
8.56 - Source Code Quality Analysis - Section focuses on analysis techniques for determining and improving source code quality.
8.57 - Testing Analysis - Discusses considerations for developing and evaluating test products (test plans, test procedures and test results)
8.52 - Software Assurance Status Reports - Contains recommended content for SA status reporting, including reporting details for analysis, assessments and audits.
8.59 - Audit Reports - Discusses required audits and provides information and resources for performing audits
Objective Evidence -

Choose the individual product titles to see the detailed information on each work product.

The chart below lists the work products, sub-products and the approximate phasing schedule for the work products.

1.2 Product Schedules

The following chart lists the major products with their sub-products and other details and provides the life cycle phase(s) where is product is typically developed. The SWE numbers associated with the SASS tasks that require the products are also listed. For the details of each task, see the chart in tab 3: Product/SASS task Mapping. Many products resulting from requirements/tasks are "objective evidence". These products are not included in the Tab 2 list of products, since there are numerous types of products that might result from these requirements/tasks.

Work Product Schedules Chart

Key: D=Draft, P=Preliminary, B=Baseline, U=Update, F=Final, A=Anytime, X=All Phases

#	Product Sub-Product Sub-Product Details	PLN	REQ	DES	IMP	TST	DEL	SWEs
1	Software Assurance Plan	D	P	B	U	U	U	013, 016, 024. 022,151
	Software Safety Plan	D	P	B				013, 016, 024, 024, 151
	Software Assurance Schedule	D	P	B	U	U	U	016, 046
	SASS Requirements Mapping Matrix	D	P	B	U	U	U	013, 121, 125, 176. Section 4.5.6
	Software Classification Determination	D	P	B				020, 176
2	IV&V Program Execution Plan (Done by IV&V)		B	U	U	U	U	SWE-131, Section 4.4.2.2
3	Software Requirements Analysis	D	B	U	U	U	F	034, 051, 080, 081, 184, 203
4	Software Safety and Hazard Analysis		P	B	U	U	F	034, 080, 081, 203, 205
5	Software Design Analysis			B	U	U	F	034, 057, 058, 080, 081, 134, 143, 203
6	Source Code Quality Analysis			D	P	B	U/F	034, 061, 080, 081, 134, 135, 158, 159, 185, 203, 207,220
7	Testing Analysis
	Software Test Plan Analysis			D	P	B	F	034, 071, 080, 081, 203
	Software Test Procedures Analysis				D	B	U/F	034, 065b, 071, 080, 081, 134, 159, 191, 203
	Software Test Results Analysis					P	B/F	034, 080, 081,134, 159, 190, 191, 203
	o Test Witnessing Signatures					X	X	066
8	SA Status Reports	X	X	X	X	X	X	037, 039, 134, 143
	List of SA Non-conformances, risks, issues, concerns (Non-conformances == SA Findings, Discrepancies, PRs, Defects)	D	U	U	U	U	U	037, 039, 054, 134, 143, 191, 199
	Results of any Analysis done in current phase	X	X	X	X	X	X
	o Verification Activities Analysis	X	X	X	X	X	X	034, 039, 081
	o Software Assurance Measurements & Analysis	X	X	X	X	X	X	090, 093, 200, 202
	o Root Cause Analysis	A	A	A	A	A	A	204
	Results of Assessments Done Since Last Report	X	X	X	X	X	X
	o Assessment of SA Plan	D	P	B	U	U	B/F	016, 075, 151
	o Assessment of SA Compliance w/ NASA-STD-8739.8	D	U	U	U	U	B/F	024
	o Assessment of Software Engineering Plans	D	P	B	U	U	B/F	016, 075, 086, 146, 151
	o Assessment of SW Engineering Compliance w/ NPR 7150.2	D	U	U	U	U	B/F	024, 079, 139
	o Assessment of CMMI Assessment Findings	A	A	A	A	A	A	032
	o Assessments of Hazard Analyses and Reports		P	B	U	U	F	081, 205
	o Assessments of Software Reviews results	D	U	U	U	U	B/F	034, 039, 143
	o Assessments of Risks in Acquisition vs Development Decisions	D	P	B				033
	o Assessments of Accuracy of Severity-Level Application to Non-Conformances	A	A	A	A	A	A	202
	o Assessments of Joint NASA/developer Audit Results	A	A	A	A	A	A	045
	Results of Audits Done Since Last Report	A	A	A	A	A	A	See “Audit Results” work
	Assessments of Technical Interchange Meetings results	D	U	U	U	U	B/F	039
	Assessments of Trade Studies and Source Data Results	D	P	B				039
	Project milestone reviews	X	X	X	X	X	X	037, 134, 143
	Record of Corrective Action Closures	A	A	A	A	A	A	204
9	Audit Reports	A	A	A	A	A	A
	Peer Review Process Audit Report	A	A	A	A	A	A	088
	Risk Management Process Audit Report	A	A	A	A	A	A	086
	Software Assurance Process Audit Report	A	A	A	A	A	A	022,032
	SW Development Processes and Practices Audit Report	A	A	A	A	A	A	032,039
	Standards and Processes Audit Report	A	A	A	A	A	A	195
	Software Configuration Management Baseline and Process/Procedure Audit Report	A	A	A	A	A	A	077,085
	Software Configuration Management Procedure Audit Report	A	A	A	A	A	A	082
10	Objective Evidence	X	X	X	X	X	X	All SWEs
	Records showing confirmations have been done*	X	X	X	X	X	X
	o *See Confirmations topic for other confirmations	X	X	X	X	X	X	All "Confirm" SASS Tasks
	o Software control activities	X	X	X	X	X	X	082
	Approvals/sign-offs on deliveries						X	094
	SA Peer Review records	X	X	X				087

1.3 Additional Schedules

Links to Additional Guidance materials for this subject have been compiled in the Relevant Links table. Click here to see the in the Resources tab.

2. Product/SASS Task Mapping

This chart lists all the products and sub-products required by NASA-STD-8739.8 and show the associated tasks relating to the products.

#	Product Sub-Product o Product Detail	Associated Tasks in NASA-STD-8739.8
1	Software Assurance Plan	SWE-013 SA Task 2: SWE-016 SA Task 2: SWE-022 SA Task 1: SWE-151 SA Task 1e: (SWE-151 1e. Includes the cost of the required software assurance support.)
	Software Safety Plan	SWE-013 SA Task 2: SWE-022 Task 1:
	Software Assurance Schedule	SWE-016 SA Task 2: SWE-046 SA Task 1:
	SASS Requirements Mapping Matrix	SWE-013 SA Task 2: SWE-121 SA Task 2: SWE-125 SA Task 2: Req4.5.1: Req4.5.6:
	Software Classification Determination	SWE-020 SA Task 1:
2	IV&V Program Execution Plan (Done by IV&V)	SWE-131 SA Task 1: To be done by IV&V: Req4.4.2.2:
3	Software Requirements Analysis	SWE-034 SA Task 1: SWE-051 SA Task 1: SWE-080 SA Task 1: SWE-081 SA Task 2: SWE-134 SA Task 1: SWE-184 SA Task 1: SWE-203 SA Task 2:
4	Software Safety and Hazard Analysis	SWE-034 SA Task 1: SWE-080 SA Task 1: SWE-081 SA Task 2: SWE-134 SA Task 1: SWE-135 SA Task 5: SWE-135 SA Task 6: SWE-184 Task 1: SWE-203 SA Task 2: SWE-205 SA Task 2: SWE-205 SA Task 3: SWE-205 SA Task 5:
5	Software Design Analysis	SWE-034 SA Task 1: SWE-057 SA Task 1: SWE-057 SA Task 2: SWE-058 SA Task 1: SWE-058 SA Task 2: SWE-058 SA Task 3: SWE-058 SA Task 5: SWE-080 SA Task 1: SWE-081 SA Task 2: SWE-134 SA Task 4: SWE-143 SA Task 1: SWE-203 SA Task 2:
6	Source Code Quality Analysis	SWE-034 SA Task 1: SWE-061 SA Task 2: SWE-080 SA Task 1: SWE-081 SA Task 2: SWE-134 Task 1: SWE-134 Task 2: SWE-135 Task 1: SWE-135 Task 3: SWE-159 Task 2: SWE-185 Task 1: SWE-203 Task 2: SWE-207 Task 1:
7	Testing Analysis	See individual sub-products.
	Software Test Plan Analysis	SWE-034 Task 1: SWE-071 Task 1: SWE-080 Task 1: SWE-081 Task 2: SWE-203 Task 2:
	Software Test Procedures Analysis	SWE-034 Task 1: SWE-065b Task 2: SWE-071 Task 1: SWE-080 Task 1: SWE-081 Task 2: SWE-134 Task 1: SWE-134 Task 2: SWE-159 Task 2: SWE-191 Task 3: SWE-203 Task 2:
	Software Test Results Analysis	SWE-034 Task 1: SWE-080 Task 1: SWE-081 Task 2: SWE-134 Task 1: SWE-134 Task 2: SWE-159 Task 2: SWE-190 Task 2: SWE-190 Task 3: SWE-191 Task 3: SWE-203 Task 2:
	o Test Witnessing	SWE-066 Task 2:
8	SA Status Reports	SWE-037 Task 2: SWE-039 Task 4: SWE-039 Task 6: SWE-134 Task 5: SWE-143 Task 1:
	List of SA Non-conformances, risks, issues, concerns (Non-Conformances =SA Findings, Discrepancies, PRs, Defects)	SWE-037 Task 2: SWE-039 Task 2: SWE-039 Task 7: SWE-054 Task 1: SWE-134 Task 5: SWE-143 Task 1: SWE-191 Task 3: SWE-199 Task 2:
	Results of any Analysis done in current phase	\|
	o Verification Activities Analysis	SWE-034 Task 1: SWE-039 Task 3: SWE-081 Task 2:
	o Software Assurance Measurements & Analysis	SWE-090 Task 2: SWE-093 Task 2: SWE-200 Task 2: SWE-202 Task 4:
	o Root Cause Analysis	SWE-204 Task 1: SWE-204 Task 3:
	Results of Assessments Done Since Last Report	See assessments listed below.
	o Assessment of SA Plan	SWE-016 Task 1: SWE-075 Task 1: SWE-151 Task 1:
	o Assessment of SA Compliance w/ NASA-STD-8739.8	SWE-024 Task 1:
	o Assessment of Software Engineering Plans	SWE-016 Task 1: SWE-075 Task 1: SWE-086 Task 1: SWE-146 Task 1: SWE-151 Task 1:
	o Assessment of SW Engineering Compliance w/ NPR 7150.2	SWE-024 Task 1: SWE-079 Task 1: SWE-139 Task 1:
	o Assessment of CMMI Assessment Findings	SWE-032 Task 2:
	o Assessment of Hazard Analyses and Reports	SWE-081 Task 2: SWE-205 SA Task 2: SWE-205 SA Task 3:
	o Assessment of Software Reviews results	SWE-034 Task 1: SWE-039 Task 4: SWE-143 Task 1:
	o Assessment of Risks in Acquisition vs Development Decisions	SWE-033 Task 3:
	o Assessment of Accuracy of Severity-Level Application to Non-conformances	SWE-202 Task 2:
	o Assessments of Joint NASA/developer Audit Results	SWE-045 Task 1:
	o Assessments of Technical Interchange Meetings results	SWE-039 Task 4:
	o Assessment of Trade Studies and Source Data Results	SWE-039 Task 4:
	Results of Audits Done Since Last Report	See Audit Reports
	Record of Corrective Action Closures	SWE-204 Task 4:
	9	Audit Reports
Peer Review Process Audit Report		SWE-088 Task 3:
Risk Management Process Audit Report		SWE-086 Task 2:
Software Assurance Process Audit Report		SWE-022 Task 1: SWE-032 Task 3:
SW Development Processes and Practices Audit Report		SWE-032 Task 3: SWE-039 Task 5:
Standards and Processes Audit Report		SWE-195 Task 1:
Software Configuration Management Baseline and Process/Procedure Audit Report		SWE-077 Task 2: SWE-085 Task 2:
Software Configuration Management Procedure Audit Report		SWE-082 Task 2:
10	Objective Evidence	All SWEs
	Records showing confirmations have been done*	All "Confirm" SASS Tasks. *See Confirmations topic for other confirmations.
	o Software control activities	SWE-082 Task 1:
	Approvals/sign-offs on deliveries	SWE-194 Task 5:
	SA Peer Review records	SWE-087 Task 3: