| NPR 7150.2 Section | SWE # | NPR 7150.2 Requirement | Software Assurance and Software Safety Tasks |
|---|
| 3 |
| Software Management Requirements |
|
| 3.1 |
| Software Life-Cycle Planning |
|
| 3.1.2 | 033 | | |
| 3.1.3 | 013 | | |
| 3.1.4 | 024 | | |
| 3.1.5 | 034 | | |
| 3.1.6 | 036 | | |
| 3.1.7 | 037 | | |
| 3.1.8 | 039 | | |
| 3.1.9 | 040 | | |
| 3.1.10 | 042 | | |
| 3.1.11 | 139 | | |
| 3.1.12 | 121 | | |
| 3.1.13 | 125 | | |
| 3.1.14 | 027 | | |
| 3.2 |
| Software Cost Estimation |
|
| 3.2.1 | 015 | | |
| 3.2.2 | 151 | | |
| 3.2.3 | 174 | | |
| 3.3 |
| Software Schedules |
|
| 3.3.1 | 016 | | |
| 3.3.2 | 018 | | |
| 3.3.3 | 046 | | |
| 3.4 |
| Software Training | |
| 3.4.1 | 017 | | |
| 3.5 |
| Software Classification Assessments |
|
| 3.5.1 | 020 | | |
| 3.5.2 | 176 | | |
| 3.6 |
| Software Assurance and Software
Independent Verification & Validation |
|
| 3.6.1 | 022 | | |
| 3.6.2 | 141 | | |
| 3.6.3 | 131 | | |
| 3.6.4 | 178 | | |
| 3.6.5 | 179 | | |
| 3.7 |
| Safety-Critical and Mission Critical Software |
|
| 3.7.1 | 205 | | |
| 3.7.2 | 023 | | |
| 3.7.3 | 134 | | |
| 3.7.4 | 219 | | |
| 3.7.5 | 220 | | |
| 3.8 |
| Automatic Generation of Software Source Code |
|
| 3.8.1 | 146 | | |
| 3.8.2 | 206 | | |
| 3.9 |
| Software Development Processes and Practices |
|
| 3.9.2 | 032 | | |
| 3.10 |
| Software Reuse |
|
| 3.10.1 | 147 | | |
| 3.10.2 | 148 | | |
| 3.11 |
| Software Cybersecurity |
|
| 3.11.2 | 156 | | |
| 3.11.3 | 154 | | |
| 3.11.4 | 157 | | |
| 3.11.5 | 159 | | |
| 3.11.6 | 207 | | |
| 3.11.7 | 185 | | |
| 3.11.8 | 210 | | |
| 3.12 |
| Software Bi-Directional Traceability |
|
| 3.12.1 | 052 | | |
| 4 |
| Software Engineering (Life Cycle) Requirements |
|
| 4.1 |
| Software Requirements |
|
| 4.1.2 | 050 | | |
| 4.1.3 | 051 | | |
| 4.1.4 | 184 | | |
| 4.1.5 | 053 | | |
| 4.1.6 | 054 | | |
| 4.1.7 | 055 | | |
| 4.2 |
| Software Architecture |
|
| 4.2.3 | 057 | | |
| 4.2.4 | 143 | | |
| 4.3 |
| Software Design | |
| 4.3.2 | 058 | | |
| 4.4 |
| Software Implementation |
|
| 4.4.2 | 060 | | |
| 4.4.3 | 061 | | |
| 4.4.4 | 135 | | |
| 4.4.5 | 062 | | |
| 4.4.6 | 186 | | |
| 4.4.7 | 063 | | |
| 4.4.8 | 136 | | |
| 4.5 |
| Software Testing |
|
| 4.5.2 | 065a | | |
| 4.5.2 | 065b | | |
| 4.5.2 | 065c | | |
| 4.5.2 | 065d | | |
| 4.5.3 | 066 | | |
| 4.5.4 | 187 | | |
| 4.5.5 | 068 | | |
| 4.5.6 | 070 | | |
| 4.5.7 | 071 | | |
| 4.5.8 | 073 | | |
| 4.5.9 | 189 | | |
| 4.5.10 | 190 | | |
| 4.5.11 | 191 | | |
| 4.5.12 | 192 | | |
| 4.5.13 | 193 | | |
| 4.5.14 | 211 | | |
| 4.6 |
| Software Operations, Maintenance, and Retirement |
|
| 4.6.2 | 075 | | |
| 4.6.3 | 077 | | |
| 4.6.4 | 194 | | |
| 4.6.5 | 195 | | |
| 4.6.6 | 196 | | |
| 5 |
| Supporting Software Life Cycle Requirements |
|
| 5.1 |
| Software Configuration Management |
|
| 5.1.2 | 079 |  The project manager shall develop a software configuration management plan that describes the functions, responsibilities, and authority for the implementation of software configuration management for the project.
| 1. Assess that a software configuration management plan has been developed and complies with the requirements in NPR 7150.2 and Center/project guidance. |
| 5.1.3 | 080 | The project manager shall track and evaluate changes to software products. | 1. Analyze proposed software and hardware changes to software products for impacts, particularly safety and security.
2. Confirm the following:a. The project tracks the changes.b. The changes are approved and documented before implementation.c. The implementation of changes is complete.d. The project tests the changes.
3. Confirm software changes follow the software change control process. |
| 5.1.4 | 081 | The project manager shall identify the software configuration items (e.g., software records, code, data, tools, models, scripts) and their versions to be controlled for the project. | 1. Confirm that the project has identified the configuration items and their versions to be controlled.2. Assess that the software safety-critical items are configuration-managed, including hazard reports and safety analysis. |
| 5.1.5 | 082 | The project manager shall establish and implement procedures to:
a. Designate the levels of control through which each identified software configuration item is required to pass.
b. Identify the persons or groups with authority to authorize changes.
c. Identify the persons or groups to make changes at each level. | 1. Confirm that software assurance has participation in software control activities.2. Perform an audit against the configuration management procedures to confirm that the project follows the established procedures. |
| 5.1.6 | 083 | The project manager shall prepare and maintain records of the configuration status of software configuration items. | 1. Confirm that the project maintains records of the configuration status of the configuration items. |
| 5.1.7 | 084 | The project manager shall perform software configuration audits to determine the correct version of the software configuration items and verify that they conform to the records that define them. | 1. Confirm that the project manager performed software configuration audits to determine the correct version of the software configuration items and verify that the results of the audit conform to the records that define them. |
| 5.1.8 | 085 | The project manager shall establish and implement procedures for the storage, handling, delivery, release, and maintenance of deliverable software products. | 1. Confirm that the project establishes procedures for storage, processing, distribution, release, and support of deliverable software products.2. Perform audits on the project to ensure that the project follows defined procedures for deliverable software products. |
| 5.1.9 | 045 | The project manager shall participate in any joint NASA/developer audits. | 1. Participate in or assess the results from any joint NASA/developer audits. Track any findings to closure. |
| 5.2 |
| Software Risk Management |
|
| 5.2.1 | 086 | The project manager shall record, analyze, plan, track, control, and communicate all of the software risks and mitigation plans. | 1. Confirm and assess that a risk management process includes recording, analyzing, planning, tracking, controlling, and communicating all software risks and mitigation plans. 2. Perform audits on the risk management process for the software activities. |
| 5.3 |
| Software Peer Reviews/Inspections |
|
| 5.3.2 | 087 | The project manager shall perform and report the results of software peer reviews or software inspections for:
a. Software requirements.
b. Software plans, including cybersecurity.
c. Any design items that the project identified for software peer review or software inspections according to the software development plans.
d. Software code as defined in the software and or project plans.
e. Software test procedures. | 1. Confirm that software peer reviews are performed and reported on for project activities. 2. Confirm that the project addresses the accepted software peer review findings.3. Perform peer reviews on software assurance and software safety plans.4. Confirm that the source code satisfies the conditions in the NPR 7150.2 requirement SWE-134, "a" through "l," based upon the software functionality for the applicable safety-critical requirements at each code inspection/review. |
| 5.3.3 | 088 | The project manager shall, for each planned software peer review or software inspection:
a. Use a checklist or formal reading technique (e.g., perspective-based reading) to evaluate the work products.
b. Use established readiness and completion criteria.
c. Track actions identified in the reviews until they are resolved.
d. Identify the required participants. | 1. Confirm that the project meets the NPR 7150.2 criteria in "a" through "d" for each software peer review.2. Confirm that the project resolves the actions identified from the software peer reviews.3. Perform audits on the peer-review process. |
| 5.3.4 | 089 | The project manager shall, for each planned software peer review or software inspection, record necessary measurements. | 1. Confirm that the project records the software peer reviews and results of software inspection measurements. |
| 5.4 |
| Software Measurements |
|
| 5.4.2 | 090 | The project manager shall establish, record, maintain, report, and utilize software management and technical measurements. | 1. Confirm that a measurement program establishes, records, maintains, reports, and uses software assurance, management, and technical measures. 2. Perform trending analyses on metrics (quality metrics, defect metrics) and report. 3. Collect any identified organizational metrics and submit them to the organizational repository. |
| 5.4.3 | 093 | The project manager shall analyze software measurement data collected using documented project-specified and Center/organizational analysis procedures. | 1. Confirm software measurement data analysis conforms to documented analysis procedures.
2. Analyze software assurance measurement data. |
| 5.4.4 | 094 | The project manager shall provide access to the software measurement data, measurement analyses, and software development status as requested to the sponsoring Mission Directorate, the NASA Chief Engineer, the Center Technical Authorities, HQ SMA, and other organizations as appropriate. | 1. Confirm access to software measurement data, analysis, and status as requested to the following entities, at a minimum:
- Sponsoring Mission Directorate
- NASA Chief Engineer
- Center Technical Authorities
- Headquarters SMA |
| 5.4.5 | 199 | The project manager shall monitor measures to ensure the software will meet or exceed performance and functionality requirements, including satisfying constraints. | 1. Confirm that the project monitors and updates planned measurements to ensure the software meets or exceeds performance and functionality requirements, including satisfying constraints.
2. Monitor and track any performance or functionality requirements that are not being met or are at risk of not being met. |
| 5.4.6 | 200 | The project manager shall collect, track, and report software requirements volatility metrics. | 1. Confirm that the project collects, tracks, and reports on the software volatility metrics.
2. Analyze software volatility metrics to evaluate requirements stability as an early indicator of project problems. |
| 5.5 |
| Software Non-conformance or Defect Management |
|
| 5.5.1 | 201 | The project manager shall track and maintain software non-conformances (including defects in tools and appropriate ground software). | 1. Confirm that all software non-conformances are recorded and tracked to resolution.2. Confirm that accepted non-conformances include the rationale for the non-conformance. |
| 5.5.2 | 202 | The project manager shall define and implement clear software severity levels for all software non-conformances (including tools, COTS, GOTS, MOTS, OSS, reused software components, and applicable ground systems). | 1. Confirm that all software non-conformances severity levels are defined.
2. Assess the application and accuracy of the defined severity levels to software non-conformances.3. Confirm that the project assigns severity levels to non-conformances associated with tools, COTS, GOTS, MOTS, OSS, and reused software components. 4. Maintain or access the number of software non-conformances at each severity level for each software configuration item. |
| 5.5.3 | 203 | The project manager shall implement mandatory assessments of reported non-conformances for all COTS, GOTS, MOTS, OSS, and/or reused software components. | 1. Confirm the evaluations of reported non-conformances for all COTS, GOTS, MOTS, OSS, or reused software components are occurring throughout the project life cycle.
2. Assess the impact of non-conformances on the project software's safety, quality, and reliability. |
| 5.5.4 | 204 | The project manager shall implement process assessments for all high severity software non-conformances (closed loop process). | 1. Perform or confirm that a root cause analysis has been completed on all identified high severity software non-conformances, and that the results are recorded and have been assessed for adequacy. 2. Confirm that the project analyzed the processes identified in the root cause analysis associated with the high severity software non-conformances.
3. Assess opportunities for improvement on the processes identified in the root cause analysis associated with the high severity software non-conformances. 4. Perform or confirm tracking of corrective actions to closure on high severity software non-conformances. |