SARP Deploys Software Assurance Tasking Checklist Tool for NASA-STD-8739.8A
As part of the Software Assurance Research Program (SARP), the project team leading the “Software Assurance Tasking Checklists for NASA-STD-8739.8” project developed and deployed a tool to automate the identification of Software Assurance (SA) activities using Commercial Off-The-Shelf tools. This checklist tool is one of five research projects in Fiscal Year 2020 sponsored by SARP and aimed to address the current needs of the SA community across the agency.
Monitoring compliance to the requirements, including audits, is an integral part of NASA’s SA program to assure project, contractor, and center compliance with agency directives. With the publication of NASA-STD-8739.8A, Software Assurance and Software Safety Standard, the scope of SA activities changed to require each SA organization to adapt SA plans and monitor approaches.
SARP — hosted by NASA’s Office of Safety and Mission Assurance (OSMA) — chose to pursue the proposal because of the stated goal to automate the identification of SA activities for the newly published standard. This project developed a process and tool to auto-generate SA tasking checklists based on NASA-STD-8739.8A and NPR 7150.2C, NASA Software Engineering Requirements, in a Microsoft-based Excel format.
The SA Tasking Checklist Tool features:
- User-friendly front end: The tool integrated NASA-STD-8739.8A and NPR 7150.2C requirements across the development life cycle to create SA tasking checklists based on project attributes (i.e., software classification, safety criticality, and life cycle phases/milestones) to plan SA activities and ensure compliance.
- Tailoring and flexibility in developing plans: While the default project settings address a “typical” development project with full compliance to NASA-STD-8739.8 requirement SASS-01, the tool is flexible in terms of tailoring the requirements, as well as providing the ability to map the Software Engineering (SWE) requirements to various milestones for different development life cycles to address center or project-specific attributes.
- Monitoring capability: The tool may also be used to capture status when SA activities are performed throughout the development life cycle. Monitoring of SA tasking status may be performed using this optional feature that is built-in during the creation of the project-specific checklist.
- Compatibility with existing systems: Another option for monitoring is to export the checklist(s) in common formats compatible with other tools, including Excel, JIRA and MS Project (i.e., Excel, CSV and XML).
The SA community’s needs were the driving force behind the checklist tool development. The project team worked with the community through the SA Working Group (SAWG) meetings to develop and refine the checklist tool requirements.
The project team held a series of prototyping events with SA volunteers representing nine different NASA centers and facilities. The team gave volunteers the tool prototype and asked them to test and provide feedback. Before the team implemented major changes, the volunteers had to reach a consensus. This activity was instrumental in the development of the tool to ensure a solid user interface and helped with early adaptation.
The SA Tasking Checklist Tool is now included in the SWE Handbook (Assurance and Safety Topic 8.15). The project team embedded and delivered a comprehensive user’s guide with the tool to assist users with tool features and functionality. The user’s guide provides instruction on how to use the tool to generate a project-specific SA tasking checklist.
Cathryn Simpson and Shirley Savarino, both from the Katherine Johnson Independent Verification and Validation (IV&V) Facility, led this project. For more information or assistance, contact Simpson or Savarino.
SARP is aligned to support discipline goals to improve how NASA performs SA activities. The research program is designed to provide NASA with greater knowledge about the SA practices, methods, and tools needed to produce safe and reliable software.
SARP addresses fundamental SA problems in the field of SWE, primarily as it relates to software safety, quality, IV&V, testability, and reliability. SARP is intended to develop and transfer into practice SA technologies, methods and tools to support and improve the quality of the software produced by and for NASA and to assist the agency in continuing to lead in the development of safe, reliable and cost-effective software. Thus, by sponsoring forward-thinking research as well as addressing current needs, SARP helps assure that sufficient and appropriate software risk mitigation is applied to the software that controls and monitors NASA’s systems.