SARP: Software Assurance Tasking Checklists for NASA-STD-8739.8
One Software Assurance Research Program (SARP) project, “Software Assurance Tasking Checklists for NASA-STD-8739.8,” intends to automate the identification of Software Assurance (SA) activities. SARP — hosted by NASA’s Independent Verification and Validation (IV&V) Program — is sponsoring five research projects in Fiscal Year 2020, aimed to benefit SA processes across the agency.
Cathryn Simpson and Shirley Savarino from the Katherine Johnson IV&V Facility are leading this project using NASA-STD-8739.8A, Software Assurance Standard as a basis to create tasking checklists and a new SA Tasking Checklist Tool (TaCT). NASA-STD-8739.8A aligns directly with NPR 7150.2C, Software Engineering Requirements and extensively changes the scope and breadth of SA activities. Practitioners may use the SA tasking checklists to plan SA activities, monitor project progress and compliance, and perform audits.
TaCT will be an automated tool with a straightforward, user-friendly interface, allowing users to identify required SA activities by filtering attributes such as software classification, safety criticality or project phase. As a result, SA organizations may use TaCT to develop project plans and monitor project progress while ensuring compliance with the new standard, NASA-STD-8739.8A. The increased efficiencies will help maximize SA resources on analysis instead of planning. For project planning, TaCT may be used as an input to project-specific tailoring, as the SA activities are directly related to the Software Engineering requirements in NPR 7150.2C. For analysis activities, TaCT enables SA to provide evidence of assessments and SA contributions to project safety and Reliability.
The project team is setting the foundation for developing the checklist tool by analyzing and data mining NASA-STD-8739.8A; NPR 7150.2C; and NASA-HDBK-2203B, NASA Software Engineering Handbook to identify applicable requirements based on project attributes and to establish the SA tasking checklists and TaCT schema. The checklists are milestone-based with an initial focus on the Software Requirements Review, Preliminary Design Review, Critical Design Review, Test Readiness Review and Software Acceptance Review. The team plans to use input from the SA community to develop a robust and easy-to-use product. The project kicked off in April 2020 and will be completed by August 2020.
Members of the SA community and Software Assurance Working Group (SAWG) are encouraged to help with this project if they are interested. There are two forums planned in 2020.
In May 2020, the project team will have developed the schema to show use cases of TaCT and processes for their use. The team plans to conduct a requirements gathering activity with the SAWG during this time and wants the SA community’s input.
In July 2020, the project team will have developed a tool prototype. Volunteers from the SA community, through the SAWG, are encouraged to provide feedback on the prototype to help the team ensure the tool meets the needs of the community. Additional volunteer opportunities may include the integration of the checklist tool with existing automation techniques at the center and projects levels.
Anyone interested in participating should contact Simpson or Savarino.
SARP is aligned to support discipline goals to improve how NASA performs SA activities. The research program is designed to provide NASA with greater knowledge about the SA practices, methods and tools needed to produce safe and reliable software.
SARP is designed to address fundamental SA problems in the field of Software Engineering, primarily as it relates to software safety, quality, IV&V, testability and reliability. It is intended to develop and transfer into practice SA technologies, methods and tools to support and improve the quality of the software produced by and for NASA, and to assist the agency in continuing its leadership in the development of safe, reliable and cost-effective software. Thus, by sponsoring forward-thinking research as well as addressing current needs, SARP helps assure that sufficient and appropriate software risk mitigation is applied to the software that controls and monitors NASA’s systems.