{alias:SWE-079}
{tabsetup:1. The Requirement|2. Rationale|3. Guidance|4. Small Projects|5. Resources|6. Lessons Learned}

{div3:id=tabs-1}

h1. 1. Requirements

4.1.1 The project shall develop a Software Configuration Management Plan that describes the functions, responsibilities, and authority for the implementation of software configuration management for the project.

h2. {color:#003366}{*}1.1 Notes{*}{color}

The Software Configuration Management Plan may be a part of the project configuration management plan. The content is defined by the requirement in Chapter 5 \[of NPR 7150.2A\].


h2. 1.2 Implementation Notes from Appendix D

NPR 7150.2A does not include any notes for this requirement.

h2. 1.3 Applicability Across Classes

Class G is labeled with "P(Center).  This means that an approved Center-defined process which meets a non-empty subset of the full requirement can be used to achieve this requirement.

{applicable:asc=1|ansc=1|bsc=1|bnsc=1|csc=1|cnsc=1|dsc=1|dnsc=1|esc=1|ensc=0|f=1|g=p|h=0}
{div3}
{div3:id=tabs-2}




h1. 2. Rationale



{floatbox}
"The discipline of CM (configuration management) is vital to the success of any software effort. CM is an integrated process for identifying, documenting, monitoring, evaluating, controlling, and approving all changes made during the life-cycle of the program for information that is shared by more than one individual or organization." (NASA Software Safety Guidebook(1), NASA-GB-8719.13)

1\- [https://standards.nasa.gov/documents/detail/3315126]
{floatbox}

"Software configuration management is practiced during all phases of the software life cycle, from initiation of development through software maintenance, and is responsible for ensuring that any changes during the development and maintenance processes are made in a controlled and complete manner... Configuration management contributes to software safety by ensuring that documentation and source code are updated only through a formal process." ([NASA Software Safety Standard|https://standards.nasa.gov/documents/detail/3314914], NASA-STD-8719.13B)

The [NASA Software Safety Guidebook|https://standards.nasa.gov/documents/detail/3315126] describes the software configuration management (SCM) plan in this manner, "All software products, which includes far more than just code, must be configuration managed. Old files in a software build are a notorious problem, as are lost updates and other problems with changed files. The plan specifies what will be under configuration management (CM), what CM system will be used, and the process for moving an item into or out of the CM system."

Given that configuration management occurs throughout the project lifecycle and is critical to controlling and tracking all elements of the project, having a plan in place ensures that the team is informed of and performs all necessary and required configuration management tasks.  Development of the SCM plan provides the opportunity for stakeholders to give input and assist with the documentation and tailoring of the planned configuration management activities for the project. 

The SCM plan has both internal and external uses.  Internally, it is used within the project to guide, monitor, and measure the overall CM process. It describes both the CM activities planned for future acquisition phases and the schedule for implementing those activities.  Externally, the SCM plan is used to communicate the CM process to the contractors involved in the program. It establishes consistent CM processes and working relationships. ([NASA Systems Engineering Handbook|http://www.ap233.org/ap233-public-information/reference/20080008301_2008008500.pdf], NASA/SP-2007-6105, Rev1)
{div3}
{div3:id=tabs-3}

h1. 3. Guidance

The SCM plan describes the software configuration management for the project, including functions, responsibilities, and implementation authority.  This plan may be part of the software development plan (SDP) / software management plan (SMP) or it may be a standalone document. If the plan is a standalone document, part of its content should describe the SCM plan's relationship to other project plans, especially if configuration management activities are referenced or described in those plans.

{panel}Both providers and acquirers need to have a SCM plan. The contents of the provider plan are established in the contract.{panel}


The SCM plan primarily provides a formal method for managing change, but other activities are key to the overall process and should also be described in the plan.  See ?[SWE-103|7150:SWE-103 - Software CM Plan] in this handbook for guidance on required contents, but consider the following topics as well when developing the SCM plan:

* Configuration management of deliverable and non-deliverable software development products including
** Documentation (e.g., specifications, design documents, traceability matrices, presentations, project plans)
** Source code
** Object code
** Executables
** Data
** Development and test tools (operating systems, compliers, etc.)
** Development and test environments (both hardware and software)
** Testing software (e.g., test cases/scenarios, scripts (manual and automated), reports)
** Flow charts, UML or OOD products, input to automatic code generators
** Interface control documents, message formats, data formats
** COTS software
** Build procedures
** Defect lists, change requests, problem reports/corrective actions
** Metrics
* Configuration management of software assurance records
* Configuration management of safety-critical software requirements and software elements
* Configuration management of simulators, models, test suites, etc.
* Management of releases
* Configuration management of routine software configuration changes such as mission-specific database changes
* Assessment of changes for their impact on system safety
* Metrics to be collected from the configuration management system, such as lines of code, complexity, estimated and actual time for various activities (development, testing, bug fixes, etc.), number of defects
* Determinations that can be made from configuration metrics, such as defects per lines of code for a team, goodness of effort estimations, need for more time in unit testing, estimates for future updates/maintenance activities, etc.
* Processes for "handling classified information and sensitive but unclassified (SBU) information, including export controlled and proprietary information, as applicable" ([NASA Configuration Management (CM) Standard|https://standards.nasa.gov/documents/detail/3315133])
{div3}
{div3:id=tabs-4}

h1. 4. Small Projects

add
{div3}
{div3:id=tabs-5}

h1. 5. Resources

# add
# add

h2. 5.1 Tools

add
{div3}
{div3:id=tabs-6}

h2. 6. Lessons Learned

add
{div3}
{tabclose}