Welcome to the NASA Software Release System.
The Software Release System (SRS) will allow Agency software developers to generate and submit software release documents such as the Software Release Request Authorization (SRRA) and the Compliance Matrix in an automated fashion. The SRS will allow Agency SRAs to then easily route these software release documents for review with the added ability to perform parallel routing, use of time based reminders, tracking, and reporting to effectively manage the software release processes at their centers.
Paperwork Reduction Act Statement: This information collection meets the requirements of 44 U.S.C. § 3507, as amended by section 2 of the Paperwork Reduction Act of 1995. You do not need to answer these questions unless we display a valid Office of Management and Budget control number. The OMB control number for this information collection is 2700-0153 and it expires on 9/30/2021. We estimate that it will take up to four (4) hours to read the instructions, gather the facts, answer the questions, and transmit. You may send comments on our time estimate above to: Peter Tran, Ames Research Center, Moffett Field, CA. 94035. Send only comments relating to our time estimate to this address, not the completed form.
The Software Release System (SRS) will allow Agency software developers to generate and submit software release documents such as the Software Release Request Authorization (SRRA) and the Compliance Matrix in an automated fashion. The SRS will allow Agency SRAs to then easily route these software release documents for review with the added ability to perform parallel routing, use of time based reminders, tracking, and reporting to effectively manage the software release processes at their centers.
Submit New Release Request
Learn about SRS
Go to Request Dashboard
Below is a list of the new technology reports on which you have been listed as an innovator. Please select from the list the case number for which you would like to prepare a software release request. If you do not see your software listed, this means an NTR has not yet been accepted for your software. An NTR must be accepted before you can proceed with a software release request. To submit an NTR, please visit: https://invention.nasa.gov/
Submission of a new software release request requires the preparation of three documents. These documents are a Software Release Request Authorization (SRRA) Form, an NPR 7150.2B Compliance Matrix, and a Section 508 Compliance Checklist. You may prepare these documents in any order by clicking on the button below corresponding with the document you would like to prepare. All three documents must be completed in their entirety before your request can be submitted for review.
REQUEST AUTH FORM
NPR 7150.2B COMPLIANCE
SECTION 508 COMPLIANCE
SRRA Form
The SRRA Form will be presented to you as a series of questions for which you will provide the appropriate answers. You may also need to attach documents when answering some questions. When you are ready to begin preparation of the SRRA Form, click on the Begin SRRA Form Preparation button below.
Begin SRRA Form Preparation
Full Name Of Requestor:
Technology Case Number:
Version Number:
Version Date:
Software Title and Abbreviation:
Next Section
NOTE: The software title and description shown below may be used in the NASA Software Catalog as marketing language to describe your software to prospective catalog customers. If the title and description as shown do not adequately or clearly describe your software product, please modify them as needed to provide a clear, succinct title and description that will be understood by all catalog customers.
The NASA Software Catalog, https://software.nasa.gov/ , is an online inventory of NASA’s software which is available for use by industry, academia, other government agencies and/or the general public. Access to the software is determined by the release type restrictions (i.e. U.S. Government Only, U.S. Release, etc.)
Please indicate whether this software code should be listed in the NASA Software Catalog:
Yes
No
Software Marketing Title:
Software Catalog Marketing Description
Software Catalog Category:
Dropdown:
Aeronautics
Autonomous Systems
Business Systems and Project Management
Crew and Life Support
Data Servers Processing and Handling
Data and Image Processing
Design and Integration Tools
Electronics and Electrical Power
Environmental Science (Earth, Air, Space, Exoplanet)
Materials and Processes
Operations
Propulsion
Structures and Mechanisms
System Testing
Vehicle Management (Space/Air/Ground)
Brief Description of Software:
What Type of Code Will Be Released?
Executable
Source
Source & Executable
What Operating System (O/S) Does Your Software Use?
Apple
iOS
Android
Microsoft
Windows
Linux
OSX
Other
Will A User Manual Be Released With Your Software?
Yes
No
Will Other Data Items Be Transferred With the Code:
Yes
No
Type of Release Requested:
License (Copyright and/or Patent) (NOTE: Not Considered a Type of
Release But Review Required Per NPR
2210 Section 3.3)
Limited General U.S. Release (Limited to
a Funded SAA Partner Where Not Government Purpose)
Government
Purpose Only Release
U.S. Release (Recipient Must Be U.S.
Person Or Company)
U.S. and Foreign Release (All U.S. Persons
And Allowed Foreign Nationals)
Public Release
Open Source
Release (No Release Restrictions)
How Do You Plan to Distribute Your Software?
Are There Any Programmatic Restrictions On Release of Your Software?
Yes
No
What Is The Classification And Safety Critical Designation Of The Software?
NOTE: Refer to NPR 7150.2B, Appendix D and NASA-STD-8739.8, Appendix A for an explanation of the classifications and safety critical designations for software.
Class A - Non-Safety Critical
Class A - Safety Critical
Class
B - Non-Safety Critical
Class B - Safety Critical
Class C
- Non-Safety Critical
Class C - Safety Critical
Class D -
Non-Safety Critical
Class D - Safety Critical
Class E -
Non-Safety Critical
Class E - Safety Critical
Class F
Class G
Class H
Does the Software Comply With the Software Engineering and Assurance Requirements of NPR 7150.2B and NASA-STD-8739.8, Software Assurance Standard, for the Applicable Software Classification?
NOTE: Questions concerning applicability of requirements should be directed to the local designated Software Engineering Technical Authority (for NPR 7150.2B) or Software Assurance Technical Authority (for NASA-STD-8739.8).
Yes
No
Is the Software Safety-Critical as Defined In NASA-STD-8739.8?
Yes
No
OPTIONAL: What Is the Software’s Technology Readiness Level (TRL) as Defined in NPR 7120.8, NASA Research and Technology Program and Project Management Requirements?
Dropdown: TRL-1, TRL-2, TRL-3, TRL-4, TRL-5, TRL-6, TRL-7, TRL-8, TRL-9
Is the Software Section 508 Compliant?
Yes
No
Does Your Software Include Any Embedded Computer Databases?
Yes
No
When Transferring Your Software, Will Your Software Include Other NASA or Government Software?
Yes
No
When Transferring Your Software, Will Your Software Include Any Third Party Software?
Yes
No
Does Your Software "Call" (used when run, but not included in a release) Any Open Source Software or Libraries?
Yes
No
Does Your Software "Call" (used when run, but not included in a release) Any Proprietary/Commercial Software or Libraries?
Yes
No
Are There Any Known Export Restrictions That Apply to the Software?
Yes
No
Was Software Development Funded By the Military?
Yes
No
Does Your Software Contain Embedded Firewall Information or Require Ports to be Opened in the Firewall for Proper Operation?
Yes
No
Does Your Software Contain Embedded Credentials (e.g., Username/Password, Certificates, Encryption Keys)?
Yes
No
Does Your Software Analyze Network Traffic?
Yes
No
Does Your Software Use or Include Encryption?
Yes
No
Has the Software Application Data Owner Been Consulted to Ensure that Your Software Documentation, Embedded Files, Code, or Other Artifacts Do Not Contain Residual SBU Data?
Yes
No
Has the Software Been Screened to Determine if Your Software Documentation, Embedded Files, Code, or Other Artifacts Contain Any Personally Identifiable Information (PII)?
NOTE:
If you have questions, please consult your Center Privacy Manager for
assistance.
A Frequently Asked Questions (FAQ) Document
Addressing NASA PII Can Be Found at:
http://insidenasa.nasa.gov/ocio/information/info_privacy/pii_faq.html
Yes
No
Is the Software Command and Control (C&C)?
NOTE: Endorsement for release of C&C software is required by NPR 2210.1C, Section 2.6.3.
Yes
No
GUIDANCE: The Technical POC is the technical person, who can be either a contractor or NASA employee.
Email Address:
First Name:
Last Name:
Company Name:
Address 1:
Address 2:
City:
State:
Zip:
Mail Code:
Organization Code:
Phone:
GUIDANCE: The Technical POC is the technical person, who can be either a contractor or NASA employee.
Email Address:
First Name:
Last Name:
Company Name:
Address 1:
Address 2:
City:
State:
Zip:
Mail Code:
Organization Code:
Phone:
GUIDANCE: The Project/Program Office person is the NASA Civil Servant lead for the project/program under which the software was developed. If the software isn’t specific to a project or program, this person would be the NASA manager for the organization responsible for creation of the software.
Email Address:
First Name:
Last Name:
Company Name:
Address 1:
Address 2:
City:
State:
Zip:
Mail Code:
Organization Code:
Phone:
Attachments
Attach Files
If
you have already completed the Software Release Request Authorization
(SRRA) form in this system, please follow the prompts provided in
this section to complete the compliance matrix for your software. The
system will already know the classification of your software based on
your input in the SRRA section, and will be providing you with the
appropriate sections to complete for that software
classification.
If
you are preparing your compliance matrix prior to completion of the
Software Release Request Authorization (*SRRA) form, please refer
to NPR
7150.2C and NASA-STD-8739.8 to
determine the classification and safety criticality of your software.
Once you have determined the appropriate classification, select the
classification from the dropdown list below to begin completion of
the compliance matrix.
Questions
concerning applicability of requirements should be directed to the
local designated Software Engineering Technical Authority (for NPR
7150.2C)
or Software Assurance Technical Authority (for NASA-STD-8739.8).
The
rationale for the requirements is contained in the NASA-HDBK-2203.
Programs/Projects may substitute a matrix that documents their
mapping with their particular Center's implementation of NPR
7150.2,
if applicable. See NASA-HDBK-2203 for
requirements mapping matrices organized by class, tailoring field for
each requirement, tailoring rationale, and approval signature
lines.
The
Compliance Matrix documents the program/project's mappings or intent
to comply with the requirements of this NPR or justification for
tailoring. The matrix lists:
The section reference.
The unique requirement identifier.
The NPR 7150.2 requirement statement.
The Authority Level responsible for assessing a project’s requirements mapping matrices and any requested tailoring from requirements in this NPR. The CIO, or the designee, has institutional authority on all Class F software projects and has joint responsibility on the cybersecurity requirements in section 3.11.
The applicability of the requirements in this NPR to specific systems and subsystems within the Agency’s investment areas, programs, and projects is determined through the use of the NASA-wide definition of software classes.
Section
3.1.2 The project manager shall develop, maintain, and execute
software plans that cover the entire software life cycle and, as a
minimum, address the requirements of this directive with approved
tailoring.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.1.3 The project manager shall track the actual results and
performance of software activities against the software plans.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.2.1 The project manager shall establish, document, and maintain two
cost estimates and associated cost parameters for all software Class
A and B projects that have an estimated project cost of $2 million or
more or one software cost estimate and associated cost parameter(s)
for other software projects.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.2.2 The project manager‘s software cost estimate(s) shall
satisfy the following conditions: a. Covers the entire software life
cycle. b. Is based on selected project attributes (e.g., assessment
of the size, functionality, complexity, criticality, reuse code,
modified code, and risk of the software processes and products). c.
Is based on the cost implications of the technology to be used and
the required maturation of that technology. d. Incorporates risk and
uncertainty. e. Includes the cost for software assurance support. f.
Includes other direct costs.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.3.1 The project manager shall document and maintain a software
schedule that satisfies the following conditions: a. Coordinates with
the overall project schedule. b. Documents the interactions of
milestones and deliverables between software, hardware, operations,
and the rest of the system. c. Reflects the critical path for the
software development activities. d. Adhere to the guidance provided
in NASA/SP-2010-3403, NASA Scheduling Management Handbook.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.3.2 The project manager shall regularly hold reviews of software
activities, status, and results with the project stakeholders and
track issues to resolution.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.3.3 The project manager shall select and document a software
development life cycle or model that includes phase transition
criteria for each life cycle phase.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.4.1 The project manager shall plan, track, and ensure project
specific software training for project personnel.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.5.1 The project manager shall classify each system and subsystem
containing software in accordance with the highest applicable
software classification definitions for Classes A, B, C, D, E, F, G,
and H software in Appendix D.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.5.2 The project’s software assurance manager shall perform an
independent classification assessment.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.5.3 The project manager, in conjunction with the Safety and Mission
Assurance organization, shall determine the software safety
criticality in accordance with NASA-STD-8719.13.
Technical
Authority: Center Level
Responsibility: Project and
Center S&MA
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.5.4 If a system or subsystem evolves to a higher or lower software
classification as defined in Appendix D, or there is a change in the
safety criticality of the software, then the project manager shall
update their plan to fulfill the applicable requirements per the
Requirements Mapping and Compliance Matrix in Appendix C and any
approved tailoring.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.5.5 If a software component is determine to be safety critical
software then software component classification shall be Software
Class D or higher.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.6.1 The project manager shall plan and implement software assurance
per NASA-STD-8739.8.
Technical Authority: Center
Level
Responsibility: Project and Center S&MA (Note
3)
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.6.3 If software IV&V is performed on a project, project manager
shall ensure that an IV&V Project Execution Plan (IPEP) is
developed.
Technical Authority: Center
Level
Responsibility: Project and Center S&MA
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.7.1 When a project is determined to have safety-critical software,
the project manager shall implement the requirements of
NASA-STD-8719.13.
Technical Authority: Center
Level
Responsibility: Project and Center S&MA (Note
3)
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.7.2 j. Safety-critical software responds to an off nominal
condition within the time needed to prevent a hazardous event. k.
Software provides error handling of safety-critical functions. l.
Safety-critical software has the capability to place the system into
a safe state. m. Safety-critical elements (requirements, design
elements, code components, and interfaces) are uniquely identified as
safety-critical. n. Requirements are incorporated in the coding
methods, standards, and/or criteria to clearly identify
safety-critical code and data within source code comments.
Technical
Authority: Center Level
Responsibility: Project and
Center S&MA
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.8.1 The project manager shall define the approach to the automatic
generation of software source code including: a. Validation and
verification of auto-generation tools. b. Configuration management of
the auto-generation tools and associated data. c. Identification of
the allowable scope for the use of auto-generated software. d.
Verification and validation of auto-generated source code. e.
Monitoring the actual use of auto-generated source code compared to
the planned use. f. Policies and procedures for making manual changes
to auto-generated source code. g. Configuration management of the
input to the auto-generation tool, the output of the auto-generation
tool, and modifications made to the output of the auto-generation
tools.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.9.2 The project manager shall satisfy the following conditions when
a COTS, GOTS, MOTS, or reused software component is acquired or used:
a. The requirements to be met by the software component are
identified. b. The software component includes documentation to
fulfill its intended purpose (e.g., usage instructions). c.
Proprietary rights, usage rights, ownership, warranty, licensing
rights, and transfer rights have been addressed. d. Future support
for the software product is planned and adequate for project needs.
e. The software component is verified and validated to the same level
required to accept a similar developed software component for its
intended use. f. The project has a plan to perform periodic
assessments of vendor reported defects to ensure the defects do not
impact the selected software components.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.10.2 The project manager shall plan software verification
activities, methods, environments, and criteria for the project.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.10.3 The project manager shall plan the software validation
activities, methods, environments, and criteria for the project.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.10.4 The project manager shall record, address, and track to
closure the results of software verification activities.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.10.5 The project manager shall record, address, and track to
closure the results of software validation activities.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.11.3 The project manager shall acquire, develop, and maintain
software from an organization with a non-expired Capability Maturity
Model® Integration for Development (CMMI-DEV) rating as measured
by a CMMI Institute authorized or certified lead appraiser as
follows: a. For Class A software: CMMI-DEV Maturity Level 3 Rating or
higher for software, or CMMI-DEV Capability Level 3 Rating or higher
in all CMMI-DEV Maturity Level 2 and 3 process areas for software. b.
For Class B software on NASA payloads with risk classifications A, B,
and C, as defined in NPR 8705.4: CMMI-DEV Maturity Level 2 Rating or
higher for software, or CMMI-DEV Capability Level 2 Rating or higher
for software in the following process areas: (1) Requirements
Management. (2) Configuration Management. (3) Process and Product
Quality Assurance. (4) Measurement and Analysis. (5) Project
Planning. (6) Project Monitoring and Control. (7) Supplier Agreement
Management (if applicable).
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.2 The project manager shall assess options for software
acquisition versus development.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.3 The project manager shall define and document the acceptance
criteria and conditions for the software.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.4 The project manager shall establish a procedure for software
supplier selection, including proposal evaluation criteria.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.5 The project manager shall determine which software processes,
software documents, electronic products, software activities, and
tasks are required for the project and software suppliers.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.6 The project manager shall define the milestones at which the
software supplier(s) progress will be reviewed and audited as a part
of the acquisition activities.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.7 The project manager shall document software acquisition
planning decisions.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.8 The project manager shall require the software supplier(s) to
provide insight into software development and test activities; at a
minimum, the software supplier(s) will be required to allow the
project manager or designate to: a. Monitor product integration. b.
Review the verification activities to ensure adequacy. c. Review
trades studies and source data. d. Audit the software development
process. e. Participate in software reviews and systems and software
technical interchange meetings.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.9 The project manager shall require the software supplier(s) to
provide NASA with software products and software process tracking
information, in electronic format, including software development and
management metrics.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.12.10 The project manager shall require the software supplier(s) to
provide NASA with electronic access to the source code developed for
the project in a modifiable format, including MOTS software and
non-flight software (e.g., ground test software, simulations, ground
analysis software, ground control software, science data processing
software, and hardware manufacturing software).
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.13.1 The project manager shall require the software supplier to
track software changes and non-conformances and provide the data for
the project's review.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.13.2 The project manager shall participate in any joint
NASA/supplier audits of the software development process and software
configuration management process.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.13.3 The project manager shall require the software supplier(s) to
provide a software schedule for the project's review and schedule
updates as requested.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.13.4 The project manager shall require the software supplier(s) to
make electronically available the software traceability data for the
project's review.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.14.2 The project manager shall specify reusability requirements
that apply to its software development activities to enable future
reuse of the software, including models used to generate the
software.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.14.3 The project manager shall evaluate software for potential
reuse by other projects across the Agency and contribute reuse
candidates to the Agency Software Catalog.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.15.2 The project manager shall ensure that when an open source
software component is acquired or used, the following conditions are
satisfied: a. The requirements that are to be met by the software
component are identified. b. The software component includes
documentation to fulfill its intended purpose (e.g., usage
instructions). c. Proprietary, usage, ownership, warranty, licensing
rights, and transfer rights have been addressed. d. Future support
for the software product is planned and adequate for project needs.
e. The software component is verified and validated to the same level
required to accept a similar developed software component for its
intended use.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.15.3 The project manager shall require the software supplier(s) to
notify the project, in the response to the solicitation, as to
whether or not open source software will be included in code
developed for the project.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.16.2 The project manager shall ensure that mission and safety
critical software systems are identified and security risk
mitigations are planned for these systems in the Project Protection
Plan.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.16.3 The project manager shall implement the identified software
security risk mitigations addressed in the Project Protection Plan.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.16.4 The project manager shall ensure and document that all systems
including software are evaluated for security risks, including risks
posed by the use of COTS, GOTS, MOTS, Open Source, and reused
software.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.16.5 The project manager shall ensure that software systems with
space communications capabilities are protected against un-authorized
access.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.16.6 The project manager shall ensure that the software systems are
assessed for possible security vulnerabilities and weaknesses.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
3.16.7 The project manager shall verify and validate the required
software security risk mitigations to ensure that security objectives
identified in the Project Protection Plan for software are satisfied
in their implementation.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.1.2.1 The project manager shall establish, capture, record,
approve, and maintain software requirements, including the software
quality requirements, as part of the technical specification.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.1.2.2 The project manager shall perform software requirements
analysis based on flowed-down and derived requirements from the
top-level systems engineering requirements and the hardware
specifications and design.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.1.2.3 The project manager shall perform, record, and maintain
bidirectional traceability between the software requirement and the
higher-level requirement.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.1.3.1 The project manager shall track and manage changes to the
software requirements.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.1.3.2 The project manager shall identify, initiate corrective
actions, and track until closure inconsistencies among requirements,
project plans, and software products.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.1.3.3 The project manager shall perform requirements validation to
ensure that the software will perform as intended in the customer
environment.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.2.3 The project manager shall develop and record the software
architecture.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.3.2 The project manager shall develop, record, and maintain the
software design.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.3.3 The project manager shall develop, record, and maintain a
design based on the software architectural design that describes the
lower-level units so that they can be coded, compiled, and tested.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.3.4 The project manager shall perform, record, and maintain
bidirectional traceability between the following: a. Software
requirements and software architecture. b. Software architecture and
software design. c. Software requirements and software design.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.4.2 The project manager shall implement the software design into
software code.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.4.3 The project manager shall select, adhere to, and verify
software coding methods, standards, and/or criteria.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.4.4 The project manager shall verify the software code by using the
results from static analysis tool(s).
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.4.5 The project manager shall unit test the software code per the
plans for software testing.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.4.6 The project manager shall provide a software version
description for each software release.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.4.7 The project manager shall perform, record, and maintain
bidirectional traceability from software design to the software code.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.4.8 The project manager shall validate and accredit software
tool(s) required to develop or maintain software.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.2 The project manager shall establish and maintain: a. Software
test plan(s). b. Software test procedure(s). c. Software test
report(s).
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.3 The project manager shall perform software testing.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.4 The project manager shall verify the requirement to the
implementation of each software requirement.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.5 The project manager shall evaluate test results and record the
evaluation.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section 4.5.6 The project manager shall record defects identified during testing and track to closure.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.7 The project manager shall use validated and accredited software
models, simulations, and analysis tools required to perform
qualification of flight software or flight equipment.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.8 The project manager shall update software test plan(s) and
software test procedure(s) to be consistent with software
requirements.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.9 The project manager shall provide and maintain bidirectional
traceability from the software test procedures to the software
requirements.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.5.10 The project manager shall validate the software system on the
targeted platform or high-fidelity simulation.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.6.2 The project manager shall plan and implement software
operations, maintenance, and retirement activities.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
4.6.3 The project manager shall complete and deliver the software
product to the customer with appropriate records, including as-built
records, to support the operations and maintenance phase of the
software’s life cycle.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.1.2 The project manager shall develop a software configuration
management plan that describes the functions, responsibilities, and
authority for the implementation of software configuration management
for the project.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.1.3 The project manager shall track and evaluate changes to
software products.
Technical Authority: Center
Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.1.4 The project manager shall identify the software configuration
items (e.g., software records, code, data, tools, models, scripts)
and their versions to be controlled for the project.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.1.5 The project manager shall establish and implement procedures
to: a. Designate the levels of control through which each identified
software configuration item is required to pass. b. Identify the
persons or groups with authority to authorize changes. c. Identify
the persons or groups to make changes at each level.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.1.6 The project manager shall prepare and maintain records of the
configuration status of software configuration items.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.1.7 The project manager shall perform software configuration audits
to determine the correct version of the software configuration items
and verify that they conform to the records that define them.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.1.8 The project manager shall establish and implement procedures
for the storage, handling, delivery, release, and maintenance of
deliverable software products.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.2.2 The project manager shall identify, analyze, plan, track,
control, communicate, and record software risks and mitigation plans
in accordance with NPR 8000.4.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.3.2 The project manager shall perform and report the results of
software peer reviews or software inspections for: a. Software
requirements. b. Software plans. c. Any design items that the project
identified for software peer review or software inspections according
to the software development plans. d. Software code as defined in the
software and or project plans. e. Software test procedures.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.3.3 The project manager shall, for each planned software peer
review or software inspection: a. Use a checklist or formal reading
technique (e.g., perspective based reading) to evaluate the work
products. b. Use established readiness and completion criteria. c.
Track actions identified in the reviews until they are resolved. d.
Identify required participants.
Technical Authority:
Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.3.4 The project manager shall, for each planned software peer
review or software inspection, record basic measurements.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.4.2 The project manager shall establish, record, maintain, report,
and utilize software management and technical measurements.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.4.3 The project manager shall analyze software measurement data
collected using documented project-specified and/or
Center/organizational analysis procedures.
Technical
Authority: Center Level
Responsibility: Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
Section
5.4.4 The project manager shall provide access to the software
measurement data, measurement analyses and software development
status as requested to the sponsoring Mission Directorate, the NASA
Chief Engineer, Center and Headquarters SMA, and Center repositories.
Technical Authority: Center Level
Responsibility:
Project
Dropdown:
Fully Compliant
Tailored
Not Applicable
For the complete guide to the Section 508 standards, please visit the United States Access Board website:
https://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-ict-refresh/final-rule/text-of-the-standards-and-guidelines#E207-software
Does your software have a human user interface?
Yes
No
1.1.1 Non-text Content (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.2.1 Audio-only and Video-only (Prerecorded) (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.2.2 Captions (Prerecorded) (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.2.3 Audio Description or Media Alternative (Prerecorded) (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.3.1 Info and Relationships (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.3.2 Meaningful Sequence (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.3.3 Sensory Characteristics (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.4.1 Use of Color (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.4.2 Audio Control (Level A)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.2.4 Captions (Live) (Level AA)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.2.5 Audio Description (Prerecorded) (Level AA)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.4.3 Contrast (Minimum) (Level AA )
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.4.4 Resize text (Level AA)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
1.4.5 Images of Text (Level AA)
Conformance Level (dropdown):
Supports
Partially Supports
Does Not Support
Not Applicable
Remarks and Explanation:
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Heinrich, Judith E. (ARC-TI)[SGT, INC] |
| File Modified | 0000-00-00 |
| File Created | 2023-08-31 |