1. Requirements

2.1.2.6 The NASA Chief, SMA shall provide for software assurance training. 

1.1 Notes

NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.

1.2 History

2. Rationale

Software Assurance (SA) plays a critical role in ensuring the safety, reliability, quality, and mission success of NASA projects and programs. The requirement for the NASA Chief, SMA to provide software assurance training is essential for several key reasons:

1. Ensures Safety and Mission Success

Software is at the core of NASA's operations, from spacecraft control systems to data analysis tools. Software defects or vulnerabilities can have disastrous consequences, including jeopardizing astronaut safety or undermining mission goals. Training ensures that all personnel involved in software assurance have the knowledge and skills to identify risks early, mitigate hazards, and enforce compliance with NASA's safety-critical software standards (e.g., NASA-STD-8739.8 ²⁷⁸, NPR 7150.2 ⁰⁸³).

2. Standardizes Software Assurance Practices Across NASA Centers

NASA is a vast organization with decentralized operations across multiple Centers and projects. Training provided by the NASA Chief, SMA ensures consistency in the application of software assurance processes, tools, and standards. This prevents discrepancies in how SA principles are implemented, ensuring uniform compliance with policies and high-quality outcomes across the Agency.

3. Builds Competency in Evolving Software Assurance Challenges

Software development technologies and methodologies evolve constantly. For example, shifts to agile development, DevSecOps, cloud environments, and artificial intelligence introduce new challenges for assurance and safety. Comprehensive training ensures that SA personnel stay updated on emerging risks, technologies, and best practices, thus equipping them to address unique challenges posed by modern and future NASA missions.

4. Improves Cybersecurity Posture

Software assurance is closely tied to cybersecurity, a growing concern for space missions. Threats such as unauthorized access, malware, and data breaches can compromise software systems and mission operations. By providing SA training, the NASA Chief, SMA equips NASA teams with the knowledge and tools to integrate strong cybersecurity protections into software development, testing, and assurance processes.

5. Supports Compliance with Standards

NASA software assurance processes, policies, and requirements are governed by standards such as NASA-STD-8739.8, NPR 7150.2, and federal cybersecurity guidelines (e.g., NIST SP 800-171 ⁶⁹⁹). Training ensures that teams understand the importance of compliance and how to meet contractual, statutory, and procedural requirements. This reduces the risk of non-compliance findings during audits and reviews.

6. Reduces Risk of Mission Failure Due to Software Issues

Historically, software-related failures have contributed to several high-profile NASA mission losses (e.g., the Mars Polar Lander mission due to undetected software defects). Training empowers software assurance personnel to detect and mitigate risks early in the lifecycle, ensuring avoided rework costs, fewer last-minute crisis corrections, and improved mission reliability.

7. Develops a Skilled Workforce

NASA’s workforce must be prepared to address the increasingly sophisticated demands of software assurance in a multi-disciplinary environment. Training provides the foundation for developing expertise in areas such as:

• Software risk analysis and management.
• Implementation of software assurance tools.
• Integration of software safety in systems engineering.
• Testing and validation methodologies for safety-critical software.

A well-trained workforce ensures that NASA can sustain software assurance excellence for future missions across Earth, Moon, Mars, and beyond.

8. Promotes Collaboration Between Teams

Training fosters better communication and collaboration between key stakeholders, such as software engineers, assurance teams, Independent Verification and Validation (IV&V) personnel, and project managers. By aligning understanding of software assurance goals, processes, and tools, training reduces inefficiencies and promotes teamwork across NASA Centers and mission teams.

9. Encourages Continuous Improvement

Training is an enabler of continuous improvement. By institutionalizing software assurance education and learning programs under the leadership of the NASA Chief, SMA, NASA reinforces its commitment to adaptive learning and improvement. Lessons learned from previous missions, advancements in technology, and updated software assurance practices can be incorporated into the training curriculum, enhancing future mission success.

10. Aligns with NASA’s Organizational Commitment to Excellence

NASA's focus on safety and mission assurance is central to its identity. Providing consistent software assurance training reflects NASA's broader organizational commitment to achieving excellence in all aspects of its operations, including software development and assurance. It demonstrates NASA is proactively preparing its workforce to handle the complexities associated with high-stakes missions.

2.2 Conclusion

The requirement for the NASA Chief, SMA, to provide software assurance training supports NASA’s overarching goals of maintaining mission success, reducing risks, fostering consistency, and developing a competent and collaborative workforce. Training ensures that software assurance personnel stay equipped with the knowledge, skills, and tools needed to uphold safety, cybersecurity, compliance, and reliability across all NASA programs, enabling space exploration with confidence and excellence.

3. Guidance

This guidance provides a clear roadmap to support NASA personnel in navigating available resources, tools, and training opportunities for software assurance and safety. The objective is to ensure that employees have access to the knowledge, skills, and best practices necessary to fulfill their responsibilities in compliance with NASA standards and requirements.

3.1 Software Assurance Curriculum

The Software Assurance Curriculum ³⁸⁵ is a comprehensive learning guide designed to assist you in planning your professional development journey through the SMA Technical Excellence Program (STEP) ²⁹⁴ at Levels 2, 3, and 4. The curriculum outlines all the courses, certifications, and activities aligned with your chosen STEP discipline. It provides an organized path to specialize in software assurance, enabling you to build expertise in processes, tools, and practices to ensure the safety, reliability, and efficiency of software systems.

This curriculum helps learners:

• Understand the technical principles underlying software assurance and safety compliance.
• Acquire hands-on experience through workshops, projects, and simulations.
• Meet NASA’s software engineering and assurance standards, including NASA-STD-8739.8 ²⁷⁸ and NPR 7150.2 ⁰⁸³.

Learners can find curriculum details through the My STEP application (see Section 3.7).

3.2 Software Assurance and Software Safety Website

The Software Assurance and Software Safety website ³⁵² is a centralized repository of processes, procedures, guidelines, and best practices for software assurance personnel. It includes resources to:

• Develop, test, sustain, and validate software that complies with NASA requirements.
• Access tools for hazard tracking, risk assessment, and independent verification and validation (IV&V).

This site acts as a "one-stop shop" for ensuring that software conforms to critical standards, such as safety-critical software development, quality engineering principles, and cybersecurity best practices. By using this resource, teams can align their activities to NASA’s commitment to mission success, software safety, and quality assurance.

3.3 NASA Safety Center – Professional Development

The NASA Safety Center (NSC) ⁴²⁰ provides professional development resources to equip the Safety and Mission Assurance (SMA) community with the tools, expertise, and knowledge needed for high-quality performance. These opportunities include:

• Discipline-specific guidance and support.
• NASA’s SMA Technical Excellence Program (STEP) (see Section 3.5).
• Topical webinars, lectures, workshops, and training tools designed to stay ahead in technical disciplines.

The NSC fosters world-class capabilities for NASA SMA by hosting initiatives aimed at improving proficiency in the seven core SMA disciplines (refer to Section 3.4). These professional development programs promote technical excellence, foster collaboration, and ensure compliance with NASA standards.

3.4 Discipline Support

The NSC Technical Discipline Team Leads provide technical expertise across seven core disciplines of SMA, creating cohesive working groups and communities of practice. These disciplines include:

1. Aviation Safety: Focused on software systems used in flight operations and aviation risk mitigation.
2. Operational Safety: Ensures adherence to practices that reduce operational risks.
3. Reliability and Maintainability (R&M): Evaluates software’s ability to meet reliability standards.
4. Quality Engineering: Covers quality assurance, inspection methods, and evaluations.
5. SMA Technical Leadership: Develops leadership skills for managing SMA challenges.
6. Software Assurance: Develops expertise in ensuring that software meets safety-critical requirements.
7. System Safety: Assesses risks and hazards at the system level, ensuring their safe integration.

Discipline leads actively contribute to creating and improving learning resources, such as guidelines, training modules, and tools.

3.5 SMA Technical Excellence Program (STEP)

SMA Technical Excellence Program (STEP) is NASA’s structured educational platform for advancing the expertise of SMA practitioners. It helps personnel develop, apply, and enhance their knowledge across various SMA disciplines while earning Continuing Education Units (CEUs).

Key Features of STEP:

• Personalized Learning Paths: New employees start at STEP Level 1 to gain foundational knowledge, while advanced learners progress to specialization programs at Levels 2, 3, and 4.
• Flexibility: STEP is accessible through SATERN ³⁵² and offered in 24/7 formats to fit learning into your schedule, whether you're at the office, at home, or traveling.
• Recognition of Prior Knowledge: Learners with relevant technical certifications may receive credit for some STEP courses.

Benefits:

• Guided assistance in navigating complex SMA requirements.
• Strengthening of specific skill sets in software assurance, system safety, and quality engineering.
• A structured learning process aligned with career development goals.

Participants track their progress through the My STEP application (see Section 3.7).

3.6 Webinars and Lectures

The NSC Webinars and Lectures are interactive sessions featuring leading experts from NASA, other government agencies, and private industry. They serve as an opportunity for SMA professionals to learn directly from accomplished thought leaders and expand their subject-matter expertise.

Available Topics:

• Software assurance and software safety processes and practices.
• Lessons learned from past projects and applying them to current missions.
• Emerging trends in software engineering, cybersecurity, and assurance.

These sessions offer insights that empower personnel to integrate cutting-edge ideas and practical solutions into their work.

3.7 Applications for SMA Professionals

The NSC Applications are digital tools designed to help SMA professionals strengthen discipline-specific knowledge, organize resources, and stay on track with their learning goals. Notable applications include:

1. SMA Learning Catalog:
   Access a comprehensive database of courses, lectures, and webinars. Tailored searches enable SMA professionals to locate content aligned with specific career objectives.

2. SMA Toolbox:
   A resource collection that complements STEP training, offering guides for software assurance, safety analysis, and compliance.

3. My STEP application:
   A personalized portal for managing your education and professional development journey. With My STEP, participants can:

   • Track completed courses and certifications.
   • Enroll in new learning activities.
   • Access recommendations for the next steps in their training journey.

Together, these applications foster an organized, efficient approach to learning and professional development.

3.8 Supporting Resources:

For additional information on training, see:

• SWE-017 – Project and Software Training
• SWE-100 – Software Training Funding

These resources outline funding options, project-specific training needs, and how to tailor software training to meet NASA’s mission and program objectives.

3.9 Conclusion

By leveraging these resources, including the Software Assurance Curriculum, SMA Technical Excellence Program (STEP), webinars, and NSC support, personnel can continually enhance their software assurance expertise. NASA’s commitment to training ensures that its workforce is well-prepared to address the complexities of modern software systems, maintain compliance, and uphold the highest standards of mission assurance.

3.10 Additional Guidance

Additional guidance related to this requirement may be found in the following materials in this Handbook:

See also Topic 5.15 - Train - Software Training Plan regarding the inclusion of SA training in a project Training Plan. 

3.11 Center Process Asset Libraries

See the following link(s) in SPAN for process assets from contributing Centers (NASA Only). 

4. Small Projects

Small projects often operate with fewer resources, smaller teams, and tighter schedules compared to large-scale NASA missions. However, the need for high-quality software assurance (SA) remains the same, as the stakes for mission success, safety, and compliance cannot be compromised. To help small projects meet the requirement effectively, the following guidance provides a tailored approach to software assurance training to ensure compliance without overburdening the team.

4.1 Guidance for Small Projects

4.1.1  Focus on Tailored and Essential Training

Small projects can prioritize their learning needs by focusing on essential software assurance and safety concepts relevant to their project size and classification. Rather than approaching training with the same depth as large programs, the training approach for small projects can be scaled to their scope and criticality.

Key Actions:

• Identify Priority Topics: For small projects, focus on the foundational topics most relevant to your project, including:
  • Software assurance fundamentals (e.g., software risk analysis, verification and validation).
  • Compliance with NPR 7150.2 ⁰⁸³, specifically tailored requirements (use SWE-126 - Tailoring Considerations where applicable).
  • Cybersecurity essentials for small-scale software.
  • Lessons learned from other small projects.
• Tailoring Training Paths: Use the SMA Technical Excellence Program (STEP) ²⁹⁴ at Level 1 to establish a basic understanding and progress selectively to advanced levels as needed. Small projects may not need to aim for full certification but should focus on individual trainings most directly tied to their risks.

Suggestions:

• Take advantage of hands-on workshops and lightweight, project-specific webinars that deliver practical knowledge in a condensed timeframe.
• Use the My STEP application to track progress and plan training suited to the small scope of your mission.

4.1.2. Access NASA’s Software Assurance Curriculum for Small Projects

The Software Assurance and Software Safety Curriculums ³⁸⁵ are designed to develop expertise in software assurance disciplines. Small projects should focus on training modules and activities aligned with the size, complexity, and safety classification of their software.

Key Actions:

• Choose training topics that directly address risk-relevant areas. For example:
  • For Class D or E software, focus on traceability and verification of requirements.
  • For Class H or low-risk infrastructure software, focus on software reliability standards and testing.
• Use applicable tools and techniques, such as lightweight approaches to hazard tracking and assurance metrics.

4.1.3. Leverage NASA Safety Center (NSC) Resources

The NASA Safety Center (NSC) ⁴²⁰ provides extensive professional development opportunities for software assurance personnel, including discipline-specific training that is scalable to match the needs of smaller teams.

Key Resources:

• Access webinars and lectures on demand to minimize disruption to the project team’s daily work. These sessions cover best practices, real-world insights, and lessons learned from other projects.
• Use NSC applications to streamline access to relevant materials:
  • The SMA Toolbox includes practical tools that complement training, enabling small teams to adopt software assurance practices tailored to their size.
  • The SMA Learning Catalog provides a searchable database of resources specific to small-scale software efforts.

4.1.4. Take Advantage of Flexible Learning Options

Small project teams often face tight schedules, making it difficult to allocate extended periods to training. NASA's training programs, including the SMA Technical Excellence Program (STEP), offer flexible formats that address these constraints.

Key Features of STEP for Small Projects:

• On-Demand Courses: STEP training is available 24/7 on SATERN ³⁵², allowing team members to balance training with other project needs.
• Self-Paced Learning: Team members can progress at their own pace, focusing on the specific skills and knowledge most critical to their responsibilities.
• Recognition of Prior Knowledge: Professionals with prior certifications or experience in Software Assurance can receive credit for applicable STEP courses, reducing the training burden.

4.1.5. Include Training as Part of the Project’s Tailored Plan

For small projects, limited resources highlight the need for a clear, streamlined training strategy integrated into the project's overall plans. Follow these steps:

Key Actions:

1. Include Training in the Project's Software Assurance Plan (SAP):
   • Identify which team members will complete specific training activities.
   • Document the minimum required training based on software classification and role.
2. Leverage Tailoring: Use SWE-126 - Tailoring Considerations from NPR 7150.2 to align training with the project’s specific assurance and compliance needs.

Example:

If a small project is implementing non-safety-critical software, the Software Assurance Plan could focus on training for:

• Basic implementation of static code analysis tools.
• Risk management for software vulnerabilities.
• Verifying compliance with applicable coding and documentation standards.

4.1.6. Use Just-in-Time (JIT) Training for Critical Phases

For small projects, a Just-in-Time (JIT) training approach ensures essential knowledge and skills are delivered when they are needed most, such as during key project milestones.

Examples of JIT Training:

• Preliminary Design Review (PDR): Conduct focused training on software requirement traceability and hazard analysis.
• Critical Design Review (CDR): Provide training on tools and processes for software validation and verification activities.
• Integration and Testing Phases: Focus training on automated testing tools and defect tracking to increase efficiency.

This phased approach reduces initial training overhead and ensures small teams are equipped to address risks and assurance activities specific to their project’s current phase.

4.1.7. Collaborate with Other Projects and Communities of Practice

Small projects can benefit by collaborating with other projects and leveraging shared resources from NASA's Software Assurance communities of practice.

Key Opportunities:

• Participate in working groups and knowledge-sharing forums organized by the NSC and discipline leads for Software Assurance.
• Reuse tools, templates, and procedures developed by similar small projects, reducing the learning curve and enabling swift implementation of assurance practices.
• Leverage internal lessons learned and best practices (e.g., pulling resources from the NASA Lessons Learned Information System (LLIS)).

4.1.8. Prioritize Cybersecurity and Risk Management Training

Small projects often use open-source or third-party software components, making cybersecurity training essential to address potential vulnerabilities.

Training Focus:

• Conduct courses on secure coding practices and understanding the software supply chain.
• Learn lightweight risk management processes that are scalable to small projects.
• Use cybersecurity self-assessments and automated tools to reduce human resource demands.

4.1.9. Seek Project-Specific NASA Guidance

If needed, small projects can get additional support and tailored advice directly from the NSC or the project’s SMA representative. Leverage their expertise to prioritize your team’s learning goals or receive specialized recommendations for building a manageable training program.

4.1.10. Funding for Training

Small projects should budget training in accordance with SWE-100 - Software Training Funding, ensuring that designated personnel receive adequate funding to attend essential courses. Leverage training grants or low-cost resources provided by the NASA Safety Center (NSC) to maximize effectiveness within budgetary constraints.

4.2 Summary Guidance for Small Projects

• Focus on essential, tailored training aligned with your project scale and classification.
• Leverage flexible formats like STEP's on-demand courses and self-paced learning.
• Use the Software Assurance Curriculum ³⁸⁵ to prioritize core topics for compliance.
• Collaborate with other projects and align with NASA’s communities of practice.
• Integrate training milestones within project planning to minimize overhead.

By following these strategies, small projects can meet NASA’s software assurance training requirements effectively, ensuring safety and compliance without overextending limited resources.

5. Resources

5.1 References

5.2 Tools

6. Lessons Learned

6.1 NASA Lessons Learned

To support the requirement, lessons learned from past NASA missions emphasize the importance of software assurance training in preventing software failures, improving compliance, strengthening mission safety, and fostering workforce development. Below are relevant and applicable lessons learned from NASA’s Lessons Learned Information System (LLIS) that underscore the value of software assurance training.

6.1.1  Relevant NASA Lessons Learned

1. LLIS-21439: Software Errors Contributing to Mars Polar Lander Loss

• Lesson Learned:
  The Mars Polar Lander (1999) failure was partially attributed to undetected software errors and insufficient Independent Verification and Validation (IV&V). The project team overlooked critical software assurance processes, which led to premature engine shutdown due to a misinterpretation of sensor signals.

• Relevance to Training:
  Software assurance training can help teams identify hidden flaws by equipping personnel with tools and practices for rigorous testing and validation. Training emphasizes the importance of hazard analysis, IV&V collaboration, and implementing software assurance standards throughout the lifecycle.

2. LLIS-25009: Risk Management Weaknesses in Software Assurance

• Lesson Learned:
  Several NASA projects experienced risk mismanagement due to inadequate training on software assurance and safety practices. Teams failed to recognize and mitigate critical risks in software systems, leading to avoidable cost overruns and rework.

• Relevance to Training:
  Training equips personnel with skills to proactively identify, analyze, and mitigate risks associated with software components. Courses should focus on risk management techniques, hazard tracking tools, and compliance with NPR 7150.2 ⁰⁸³ and NASA-STD-8739.8 ²⁷⁸.

3. LLIS-19779: Importance of Metrics in Software Assurance

• Lesson Learned:
  A NASA mission suffered delays and missed milestones due to inconsistencies in tracking progress with clear software assurance metrics. The lack of training on how to use metrics for ensuring software quality created gaps in project oversight and decision-making.

• Relevance to Training:
  Training helps software assurance personnel understand how to use metrics to track compliance, monitor progress, and optimize software quality assurance efforts. Courses should include instruction on implementing meaningful software assurance metrics and integrating them into project management.

4. LLIS-22160: Importance of Integrating Lessons Learned

• Lesson Learned:
  NASA repeatedly observed failures in integrating lessons learned into new missions, resulting in recurring software-related issues. Teams often lacked training to leverage historical lessons during project planning and execution.

• Relevance to Training:
  Training should include modules that focus on applying lessons learned from prior missions to current projects. Educating teams on the Lessons Learned Information System (LLIS) ensures that past mistakes are avoided, risks are mitigated, and projects benefit from proven solutions.

5. LLIS-23911: Cybersecurity Vulnerabilities in Software Systems

• Lesson Learned:
  A NASA ground system used for processing mission data encountered cybersecurity vulnerabilities due to inadequate secure coding practices. The team lacked training in essential software assurance principles related to cybersecurity, exposing the system to risks of unauthorized access and data breaches.

• Relevance to Training:
  Software assurance training must integrate cybersecurity best practices into the curriculum, including secure coding, vulnerability management, and risk assessments. Small projects, in particular, benefit from lightweight cybersecurity protocols that can be applied as part of assurance processes.

6. LLIS-14758: Tailored Software Assurance Processes for Small Projects

• Lesson Learned:
  Small NASA projects often struggled due to applying overly complex software assurance practices designed for large-scale missions. Successful small projects tailored assurance processes to focus on high-priority risks and lightweight compliance.

• Relevance to Training:
  Training programs should emphasize tailoring practices for small projects (e.g., using SWE-126 - Tailoring Considerations in NPR 7150.2) and focus educational efforts on efficient methods for ensuring software compliance and quality in resource-constrained environments.

7. LLIS-1221: Leveraging Communities of Practice

• Lesson Learned:
  Some NASA projects successfully mitigated software assurance challenges by collaborating with Communities of Practice (CoPs) and working groups. However, teams lacking training on how to connect with these communities missed opportunities to leverage shared knowledge and tools.

• Relevance to Training:
  Software assurance training should educate personnel on the importance of engagement with NASA's communities of practice and Industry working groups. Courses can highlight how teams can leverage expertise to improve compliance and utilize technical resources.

8. LLIS-16000: Overuse of Proprietary Tools Without Training

• Lesson Learned:
  A NASA project relied heavily on third-party proprietary software tools without providing adequate training on tool functionality and limitations. This led to inefficiencies in assurance processes and delays in achieving software validation milestones.

• Relevance to Training:
  Training should include step-by-step instruction on selecting, implementing, and using software assurance tools tailored to the project's scope. This ensures teams can use tools effectively to perform critical assurance tasks, such as automated testing, static code analysis, and defect tracking.

9. LLIS-17235: Integration of IV&V in Software Assurance Training

• Lesson Learned:
  Projects that delayed the involvement of Independent Verification and Validation (IV&V) experienced missed defects and non-compliance issues in safety-critical software components. Early collaboration with IV&V was found to significantly improve software reliability and safety.

• Relevance to Training:
  Training should educate teams on how to actively coordinate with NASA's IV&V Program, especially for safety-critical software. It should emphasize practices for integrating IV&V activities early and consistently throughout the software lifecycle.

10. LLIS-22452: Managing Open-Source Components

• Lesson Learned:
  Projects using open-source software without proper licensing or assurance processes faced challenges in managing quality and compliance. Teams often lacked training on the risks and benefits of open-source software use in NASA missions.

• Relevance to Training:
  Training should address open-source software assurance practices, including license compliance, risk management strategies, and evaluation frameworks for ensuring quality and reliability.

6.1.2  Summary of Key Lessons Learned:

Key takeaways to incorporate into software assurance training:

1. Critical Risk Detection: Early identification of software risks and mitigation strategies to prevent major mission failures.
2. Integrated Cybersecurity: Secure coding and risk management principles as essential components of software assurance.
3. Tailored Processes: Scaled assurance practices for small projects, focusing on lightweight solutions and resources.
4. Proactive IV&V Involvement: Early coordination with IV&V to strengthen software safety and reliability.
5. Use of Metrics: Training on how to track progress with assurance metrics to ensure compliance and improve decision-making.
6. Application of Historical Lessons: Courses designed to incorporate insights from past mission successes and failures.
7. Open-Source Management: Instruction on maximizing the benefits of open-source software while addressing associated risks.

6.1.3  Conclusion

These Lessons Learned provide critical insights that should be woven into the design of training programs under this requirement. By incorporating real-world experiences, NASA can ensure its workforce is prepared to tackle software assurance challenges, mitigate risks, and maintain compliance with mission-critical standards.

6.2 Other Lessons Learned

The Goddard Space Flight Center (GSFC) Lessons Learned online repository ⁶⁹⁵ contains the following lessons learned related to software requirements identification, development, documentation, approval, and maintenance based on analysis of customer and other stakeholder requirements and the operational concepts. Select the titled link below to access the specific Lessons Learned:

• Ensure that early career team members receive adequate support. Lesson Number #: The recommendation states: "Be proactive in providing support to early career team members."

7. Software Assurance

7.1 Tasking for Software Assurance

7.2 Software Assurance Products 

Software Assurance (SA) products are tangible outputs created by Software Assurance personnel to support oversight, validate compliance, manage risks, and ensure the quality of delivered products. These products are essential to demonstrate that SA objectives are being met, and they serve as evidence of the thoroughness and effectiveness of the assurance activities performed.

No specific deliverables are currently identified.

7.3 Metrics

No standard metrics are currently specified.

7.4 Guidance

7.4.1  Objective of the Guidance

The purpose of this requirement is to ensure that Software Assurance (SA) personnel across NASA are provided with the necessary training to effectively execute their responsibilities in accordance with NPR 7150.2 ⁰⁸³, NASA-STD-8739.8 ²⁷⁸, and other relevant NASA policies and directives. This effort is aimed at building and maintaining proficiency, promoting consistency across Centers, and staying current with evolving software assurance practices, tools, and methodologies.

This guidance outlines Software Assurance personnel's roles in utilizing, implementing, and benefiting from the training provided by the NASA Chief, SMA. 

7.4.2  Software Assurance Responsibilities

7.4.2.1  Ensure Participation in Training Opportunities

1. Attend Required Training Programs:

   • Actively participate in training sessions coordinated by the NASA Chief, SMA, which may include in-person, virtual, and on-demand resources.
   • Engage in training programs specific to NASA standards (e.g., NPR 7150.2, NASA-STD-8739.8) to remain proficient in assurance requirements and best practices.

2. Stay Current:

   • Regularly complete any new or updated training modules as policies, technologies, and assurance practices evolve.
   • Participate in refreshers to ensure continuing compliance with software assurance standards.

7.4.2.2. Leverage Training to Improve Capabilities

1. Expand Knowledge Across Domains:

   • Focus on developing expertise in software assurance domains such as:
     • Verification and validation (V&V).
     • Risk and safety analysis for software systems.
     • Advanced metrics collection and analysis.
     • Emerging methodologies like Agile, DevOps, and Model-Based Engineering (MBE) as they relate to assurance.

2. Capability Improvement Areas:

   • Leverage training to enhance abilities in:
     • Evaluating software safety controls.
     • Hazard analysis and mitigation planning.
     • Assurance process tailoring for different software classifications and criticalities.
     • IV&V methods for critical projects.

7.4.2.3. Share Knowledge Locally

1. Conduct Local Training:

   • After completing training, organize knowledge-sharing sessions at your Center to disseminate key lessons learned.
   • Mentor new or junior assurance personnel by providing context-specific advice and helping them understand how to apply knowledge from training materials.

2. Ensure Project Awareness:

   • Share relevant insights from training with software engineering and project teams as applicable to specific project assurance objectives.

7.4.2.4. Collaborate to Identify Training Needs

1. Contribute to Training Development:

   • Provide feedback to the NASA SMA office about content, gaps, or additional topics needed for future training. Share recommendations based on emerging software assurance challenges.

2. Support Tailored Training Requirements:

   • Work with SMA leadership to ensure that training is tailored to your Center’s or project’s specific mission profiles, software classification levels, and unique assurance needs.

7.4.2.5. Incorporate Lessons Learned into Workflows

1. Apply Training:

   • Use training to:
     • Improve assurance workflows and planning strategies at your Center.
     • Ensure that assurance activities adhere to current NASA standards and practices.

2. Document Improvements:

   • Capture best practices and improvements implemented as a result of training to inform future efforts and demonstrate return on investment.

7.4.3  Key Training Areas for Software Assurance

The training provided by the NASA Chief, SMA, should include the following critical areas:

1. NASA Policies and Standards:

   • Deep dive into NPR 7150.2, NASA-STD-8739.8, and tailoring standards.
   • Understanding compliance requirements related to software classification and criticality.

2. Assurance Process Execution:

   • Planning and executing software assurance, software safety, and risk management processes.

3. Verification and Validation (V&V):

   • Roles of software testing, independent verification, and validation activities.

4. Risk Management and Safety Analysis:

   • Conducting software hazard analysis, fault tree analysis, and embedding safety within the lifecycle.

5. Metrics and Continuous Improvement:

   • Collecting and using assurance metrics to monitor compliance and identify opportunities for improvement.

6. Advanced Practices:

   • Assurance in Agile, DevSecOps pipelines, Model-Based Software Development (MBSD), and automated verification tools.

7. Tools and Technology:

   • Training in modern assurance tools for static code analysis, automated testing, safety analysis, and anomaly tracking.

8. Lessons Learned:

   • Incorporating case studies and lessons learned from both successful and problematic NASA missions.

7.4.4  Expected Outcomes

By ensuring participation in training provided by the NASA Chief, SMA:

1. Enhanced Expertise:
   • Software Assurance professionals consistently improve technical skills and enhance understanding of compliance with NASA requirements.
2. Consistency:
   • Training promotes uniform application of assurance practices across NASA Centers and projects, ensuring compliance and reducing risks.
3. Adaptability:
   • Training ensures SA personnel stay ready to operate within evolving methodologies, technologies, and standards.
4. Mission Success:
   • Improved assurance capabilities directly contribute to higher software reliability, safety, and mission success.

7.4.5  Conclusion

Software Assurance personnel play an essential role in supporting training provided by the NASA Chief, SMA. By participating actively, sharing lessons learned, applying training in workflows, and contributing feedback, SA personnel can continuously improve their capabilities and align with NASA’s evolving needs. This ensures that assurance practices remain robust, consistent, and effective in supporting mission success.

7.5 Additional Guidance

Additional guidance related to this requirement may be found in the following materials in this Handbook:

See also Topic 5.15 - Train - Software Training Plan regarding the inclusion of SA training in a project Training Plan.