We are aware some users are experiencing video buffering issues and are actively working toward a solution.

SARP Deploys Software Assurance Tasking Checklist Tool for NASA-STD-8739.8A

SARP Deploys Software Assurance Tasking Checklist Tool for NASA-STD-8739.8A

3-minute read
SARP-Checklist-Hero

As part of the Software Assurance Research Program (SARP), the project team leading the “Software Assurance Tasking Checklists for NASA-STD-8739.8” project developed and deployed a tool to automate the identification of Software Assurance (SA) activities using Commercial Off-The-Shelf tools. This checklist tool is one of five research projects in Fiscal Year 2020 sponsored by SARP and aimed to address the current needs of the SA community across the agency.

Monitoring compliance to the requirements, including audits, is an integral part of NASA’s SA program to assure project, contractor, and center compliance with agency directives. With the publication of NASA-STD-8739.8A, Software Assurance and Software Safety Standard, the scope of SA activities changed to require each SA organization to adapt SA plans and monitor approaches.

SARP — hosted by NASA’s Office of Safety and Mission Assurance (OSMA) — chose to pursue the proposal because of the stated goal to automate the identification of SA activities for the newly published standard. This project developed a process and tool to auto-generate SA tasking checklists based on NASA-STD-8739.8A and NPR 7150.2C, NASA Software Engineering Requirements in a Microsoft-based Excel format.

The SA Tasking Checklist Tool features

  • User-friendly front end: The tool integrated NASA-STD-8739.8A and NPR 7150.2C requirements across the development life cycle to create SA tasking checklists based on project attributes (i.e., software classification, safety criticality, and life cycle phases/milestones) to plan SA activities and ensure compliance.
  • Tailoring and flexibility in developing plans: While the default project settings address a “typical” development project with full compliance to NASA-STD-8739.8 requirement SASS-01, the tool is flexible in terms of tailoring the requirements, as well as providing the ability to map the Software Engineering (SWE) requirements to various milestones for different development life cycles to address center or project-specific attributes.
  • Monitoring Capability: The tool may also be used to capture status when SA activities are performed throughout the development life cycle. Monitoring of SA tasking status may be performed using this optional feature that is built-in during the creation of the project-specific checklist. .
  • Compatibility with existing systems: Another option for monitoring is to export the checklist(s) in common formats compatible with other tools, including Excel, JIRA and MS Project (i.e., Excel, CSV and XML).

The SA community’s needs were the driving force behind the checklist tool development. The project team worked with the community through the SA Working Group (SAWG) meetings to develop and refine the checklist tool requirements.

The project team held a series of prototyping events with SA volunteers representing nine different NASA centers and facilities. The team gave volunteers the tool prototype and asked them to test and provide feedback. Before the team implemented major changes, the volunteers had to reach a consensus. This activity was instrumental in the development of the tool to ensure a solid user interface and helped with early adaptation.

SA Tasking Checklist Tool is now included in the SWE Handbook (Assurance and Safety Topic 8.15). The project team embedded and delivered a comprehensive user’s guide with the tool to assist users with tool features and functionality. The user’s guide provides instruction on how use the tool to generate a project-specific SA tasking checklist.

Cathryn Simpson and Shirley Savarino, both from the Katherine Johnson Independent Verification and Validation (IV&V) Facility, led this project. For more information or assistance, contact Simpson or Savarino.

SARP Background

SARP is aligned to support discipline goals to improve how NASA performs SA activities. The research program is designed to provide NASA with greater knowledge about the SA practices, methods, and tools needed to produce safe and reliable software.

SARP addresses fundamental SA problems in the field of SWE, primarily as it relates to software safety, quality, IV&V, testability, and reliability. SARP is intended to develop and transfer into practice SA technologies, methods and tools to support and improve the quality of the software produced by and for NASA and to assist the agency in continuing to lead in the development of safe, reliable and cost-effective software. Thus, by sponsoring forward-thinking research as well as addressing current needs, SARP helps assure that sufficient and appropriate software risk mitigation is applied to the software that controls and monitors NASA’s systems.

People

Tim Crumbley

SA Technical Fellow

Learn more about SA Technical Fellow Tim Crumbley.

Read More

Guille del Carmen

Technical Discipline Team Lead

Learn more about SA Technical Discipline Team Lead Guille del Carmen.

Read More

Points of Contact

For details on contacting an SA Point of Contact (PoC), click below.

Find Your PoC

Software Assurance Working Group

The Software Assurance Working Group (SAWG) is a group of Software Assurance (SA) professionals from across NASA who work together to help formulate NASA SA policy, standards, training, guidance, briefings and other needed items. It is also a forum to share experiences, lessons learned and useful techniques. The SAWG provides a community that can provide assistance and support to individual practitioners.

The group meets twice a month (second and fourth Wednesdays), with the second meeting of the month devoted to supporting SA Technical Excellence efforts.

SA Working Group 2022 

Past Events

Event Date Description
4 Types of Peer Reviews
12/15/2021 Webinar covering similarities and differences between the four basic types of peer review  
Software Quality Risk Scoring Workshop Part I 6/8/2021 First day of the virtual Software Quality Risk Scoring Workshop.  
Software Quality Risk Scoring Workshop Part II 6/8/2021 First day of the virtual Software Quality Risk Scoring Workshop.  
Software Quality Risk Scoring Workshop Part III 6/9/2021 Second day of the virtual Software Quality Risk Scoring Workshop.  
Software Quality Risk Scoring Workshop Part IV 6/9/2021 Second day of the virtual Software Quality Risk Scoring Workshop.
 

NASA Software Assurance Program Goals

  1. Provide risk-based performance requirements that provide flexibility for the project Software Assurance and Software Safety activities.
  2. Improve the risk, issue and finding reporting from the NASA Software Assurance and Software Safety organizations.
  3. Add value for Software Assurance and Software Safety activities and demonstrate the importance of the NASA Software Assurance activities.
  4. Provide standard tools and services for Software Assurances activities on projects.
  5. Provide measurable Software Assurance process improvement.
  6. Improve the use of data and metrics on all NASA Software Assurance activities.
  7. Focus Software Assurance activities on known software issues, including targeting Software Assurance and Software Safety research activities.
  8. Develop more efficient and automated methods for Software Assurance activities.
  9. Establish a Software Assurance services and tool sharing capability.
  10. Improve Software Assurance training and training requirements in the Safety and Mission Assurance Technical Excellence Program and across the agency.

IV&V Program

NASA’s Independent Verification and Validation (IV&V) Program provides assurance that safety- and mission-critical systems and software will operate reliably, safely and securely. The NASA IV&V Program's primary location is the Katherine Johnson IV&V Facility in Fairmont, West Virginia. The IV&V Program provides the following services:

  • System and Software Assurance: Full life cycle IV&V and independent assessments for NASA’s highest profile missions. IV&V leads to higher quality products, reduced risk, greater insight, reduced cost and knowledge transfer.
  • Safety and Mission Assurance (SMA) Support: Support across the agency, in-line with the development project. Hazard Analysis, Software Assurance plan development, and standards development and evaluation.
  • Mission Protection Services: Vulnerability assessment and authorization, end-to-end full life cycle security risk assessment, FedRAMP 3PAO (cloud) services, security training, and security testing (penetration testing, code analysis and vulnerability scanning).
  • Software Development, Testing and Research: Independent testing, automation and virtualization enabled through IV&V’s Jon McBride Software Testing and Research Laboratory.
IV&V Program

Learning

Launch SATERN My STEP STEP Software Assurance Curriculum Guide 

SATERN Courses

Course Title Course Number Buttons
Intermediate Software Assurance SMA-SA-WBT-201 SMA-SA-WBT-201 Details
Introduction To Software Engineering SMA-SA-WBT-206 SMA-SA-WBT-206 Details
Intermediate Software Testing SMA-SA-WBT-301 SMA-SA-WBT-301 Details
Software Requirements, Development and Management SMA-SA-WBT-303 SMA-SA-WBT-303 Details
Software Safety For Practitioners SMA-SA-WBT-306 SMA-SA-WBT-306 Details
Software Processes and Metrics SMA-SA-WBT-402 SMA-SA-WBT-402 Details

Policy and Guidance

NASA

NASA-STD-8739.8

NASA SOFTWARE ASSURANCE AND SOFTWARE SAFETY STANDARD

The purpose of the Software Assurance and Software Safety Standard is to define the requirements to implement a systematic approach to Software Assurance, software safety, and Independent Verification and Validation (IV&V) for software created, acquired, provided, or maintained by or for NASA. The Software Assurance and Software Safety Standard provides a basis for personnel to perform software assurance, software safety, and IV&V activities consistently throughout the life of the software, that is, from its conception, through creation to operations and maintenance, and until the software is retired.

See NASA-STD-8739.8 

NASA-HDBK-2203

NASA Software Engineering Handbook

This handbook provides users and practitioners with guidance material for implementing the requirements of NPR 7150.2, NASA Software Engineering Requirements and the implementation of the NASA Software Assurance and Software Safety requirements in NASA-STD-8739.8, Software Assurance Standard. The use of this handbook is intended to provide "best-in-class" guidance for the implementation of safe and reliable software in support of NASA projects. The handbook is a key component of an agencywide plan to work toward a continuous and sustained Software Engineering and Software Assurance process and product improvement.

See NASA-HDBK-2203

Additional Guidance

Policy Title Buttons Buttons
NASA-STD-8739.8 NASA Software Assurance Standard NASA-STD-8739.8 Details See NASA-STD-8739.8
NPD 7120.4 NASA Engineering and Program/Project Management Policy NPD-7120-4 Details See NPD 7120.4
NPR 7120.5 NASA Space Flight Program and Project Management Requirements NPR-7120-5 Details See NPR 7120.5
NPR 7123.1 Systems Engineering Processes and Requirements NPR-7123-1 Details See NPR 7123.1
NPR 7150.2 Software Engineering Requirements NPR-7150-2 Details See NPR 7150.2
NASA-GB-8719.13 NASA Software Safety Guidebook NASA-GB-8719-13 Details See NASA-GB-8719.13
NASA-STD-8739.9 NASA Software Formal Inspections Standard NASA-STD-8739-9 Details See NASA-STD-8739.9
NASA-HDBK-8739.23 Complex Electronics Handbook for Assurance Professionals NASA-HDBK-8739.23 Details See NASA-HDBK-8739.23
SSP 50038 Computer-Based Control System Safety Requirements SSP 50038 Details See SSP 50038

SARP

Software Assurance Research Program

The Software Assurance Research Program (SARP) — hosted by NASA’s Independent Verification and Validation (IV&V) Program — is designed to provide NASA with greater knowledge about the Software Assurance (SA) practices, methods and tools needed to produce safe and reliable software.

SARP is designed to address fundamental SA problems in the field of software engineering, primarily as it relates to software safety, quality, IV&V, testability and reliability. It is intended to develop and transfer into practice SA technologies, methods and tools to support and improve the quality of the software produced by and for NASA, and to assist the agency in continuing its leadership in the development of safe, reliable and cost-effective software. Thus, by sponsoring forward-thinking research as well as addressing current needs, SARP helps assure that sufficient and appropriate software risk mitigation is applied to the software that controls and monitors NASA’s systems.

In Fiscal Year 2021, SARP is sponsoring four research projects aimed to benefit Software Assurance processes across the agency:

  1. Augmenting Requirement Analysis Tool with Artificial Intelligence
  2. Dependency Structure Matrix CAP Integration
  3. Advancing the Requirements Review Approach with NLP
  4. Software Defect Proneness: Discovering the Metrics that Matter Most

Visit SARP Website Visit SARP NEN Website

Tools

QVscribe

Information on installing QVscribe for users is available in our knowledge base.

QVscribe Training

For additional guidance, view these helpful QVScribe training videos.

QVscribe Instructions

Excel QVscribe Instructions
Word QVscribe Instructions
DOORS Next QVscribe Instructions