1. Requirements

2.1.5.4 Center Director, or designee, shall comply with the requirements in this directive that are marked with an ”X” in Appendix C.

1.1 Notes

The responsibilities for approving changes in the requirements for a project are listed for each requirement in the requirement mapping matrix. When the requirement and software class are marked with an “X,” the projects will record the risk and rationale for any requirement that is not completely implemented by the project. The projects can document their related mitigations and risk acceptance in the approved Requirements Mapping Matrix. Project relief from the applicable cybersecurity requirements, section 3.11 Software Cybersecurity, has to include an agreement from the Center CIO or designee. The NASA Agency CIO, or Center CIO designee, has institutional authority on all Class F software projects.

1.2 History

Click here to view the history of this requirement: SWE-140 History

2. Rationale

The requirements marked with an “X” in Appendix C are Agency requirements to implement NASA’s policy as delineated in NPD 7120.4. These requirements are “a designed set of requirements for protecting the Agency's investment in software engineering products and to fulfill its responsibility to the citizens of the United States. ... For engineers to effectively communicate and work seamlessly among Centers, a common framework of generic requirements is needed.”  Compliance with the requirements in NPR 7150.2 ensures these goals are fulfilled.   

3. Guidance

NPR 7150.2 establishes a baseline set of requirements to reduce software engineering risks on NASA projects and programs. Appendix C, Requirements Mapping Matrix, defines the default applicability of the requirements based on software classification and safety criticality. Each project has unique circumstances and tailoring can be employed to modify the requirements set appropriate for the software engineering effort.  Each project documents the tailoring in a compliance matrix (see SWE-125), including Technical Authority approved waivers and deviations.  The project also captures in the compliance matrix any associated risks, risk mitigations, and rationale for requirements for which the project has received complete relief by the appropriate Technical Authority.

Requests for software requirements relief (partial or complete relief) at either the Center or Headquarters Technical Authority level may be submitted by project managers in the streamlined form of a compliance matrix to the Technical Authority identified in Appendix C.  As part of the relief process, project managers obtain the required signatures from the responsible organizations and designated Technical Authorities (Engineering, Safety and Mission Assurance (SMA) and CIO (as required in the NPR 7150.2)).

The Requirements Mapping Matrix in NPR 7150.2 uses an “X” to identify the requirements that are designated by the Agency to be applied for each software class.  The identified requirements are required activities for the identified software classification and safety criticality.  Within the compliance matrix in Appendix C, there are both project and institutional requirements.  The project requirements are requirements levied on the project managers specific to handling the development of software projects. The institutional requirements focus on how NASA does business and is independent of any particular program or project. These requirements are levied on NASA Headquarters (including the Office of the Chief Engineer, Office of Safety Mission & Assurance, and Mission Directors) and Center organizations because they directly affect mission success, address risks, or may impact other NASA programs, projects, processes, or procedures.

Center Directors are responsible for institutional requirements (shown in Book B of this Handbook) and ensuring that projects fulfill project requirements identified in Appendix C of NPR 7150.2. The Center Director or designee regularly reviews the compliance matrix to make sure that projects remain in compliance with their approved requirements set. 

Downloadable compliance matrices for each class of software are available for NASA users in the Document Repository within the Software Engineering Community of Practice on the NASA Engineering Network (NEN).

Additional guidance related to requirements compliance may be found in the following related requirements in this Handbook:

SWE-122 - Technical Authority Appointment
SWE-125 - Requirements Compliance Matrix
SWE-126 - Tailoring Considerations
SWE-139 - Shall Statements

4. Small Projects

No additional guidance is available for small projects. 

5. Resources

5.1 References

Enter the necessary modifications to be made in the table below:

SWEREFs to be addedSWEREFS to be deleted
Added SWEREF-083Removed SWEREF-039

SWEREFs NOT called out in text but listed as germane: 261

SWEREFs called out in the text: 083


5.2 Tools


6. Lessons Learned

6.1 NASA Lessons Learned

No Lessons Learned have currently been identified for this requirement.

6.2 Other Lessons Learned

No other Lessons Learned have currently been identified for this requirement.