Skip to main content
Announcing GCN Classic Migration Survey, End of Legacy Circulars Email. See news and announcements

NPR 7150

NASA-funded sofware projects must comply with software engineering requirements specified by the NASA Procedural Requirements (NPR) 7150.2D document.

The software classification determines which of NPR 7150.2D's requirements are in force. GCN is classified as Class D software for non-safety-criticial applications. GCN is fully compliant with the requirements for that classifiation. One of the requirements is that there must be a requirements matrix, which is satisfied by the table below.

NPR section #Requirement textComplies how?
Software Management Requirements
3.1.2The project manager shall assess options for software acquisition versus development.Reuse OSS and SaaS products
3.1.3The project manager shall develop, maintain, and execute software plans, including security plans, that cover the entire software life cycle and, as a minimum, address the requirements of this directive with approved tailoring.These docs
3.1.4

The project manager shall track the actual results and performance of software activities against the software plans.

  1. Corrective actions are taken, recorded, and managed to closure.
  2. Changes to commitments (e.g., software plans) that have been agreed to by the affected groups and individuals are taken, recorded, and managed.
GitHub issues
3.1.5The project manager shall define and document the acceptance criteria for the software.GitHub Actions workflows must pass
3.1.6The project manager shall establish and maintain the software processes, software documentation plans, list of developed electronic products, deliverables, and list of tasks for the software development that are required for the project’s software developers, as well as the action required (e.g., approval, review) of the Government upon receipt of each of the deliverables.These docs
3.1.7The project manager shall define and document the milestones at which the software developer(s) progress will be reviewed and audited.GitHub milestones
3.1.8

The project manager shall require the software developer(s) to periodically report status and provide insight into software development and test activities; at a minimum, the software developer(s) will be required to allow the project manager and software assurance personnel to:

  1. Monitor product integration.
  2. Review the verification activities to ensure adequacy.
  3. Review trades studies and source data.
  4. Audit the software development processes and practices.
  5. Participate in software reviews and technical interchange meetings.
Sprint meetings
3.1.9The project manager shall require the software developer(s) to provide NASA with software products, traceability, software change tracking information and nonconformances in electronic format, including software development and management metrics.GitHub issues and pull requests
3.1.10The project manager shall require the software developer(s) to provide NASA with electronic access to the source code developed for the project in a modifiable format.GitHub repositories
3.1.11The project manager shall comply with the requirements in this NPR that are marked with an “X” in Appendix C consistent with their software classification.This table
3.1.12Where approved, the project manager shall document and reflect the tailored requirement in the plans or procedures controlling the development, acquisition, and deployment of the affected software.No requirements tailored
3.1.13Each project manager with software components shall maintain a requirements mapping matrix or multiple requirements mapping matrices against requirements in this NPR, including those delegated to other parties or accomplished by contract vehicles or Space Act Agreements.This table
3.1.14

The project manager shall satisfy the following conditions when a COTS, GOTS, MOTS, OSS, or reused software component is acquired or used:

  1. The requirements to be met by the software component are identified.
  2. The software component includes documentation to fulfill its intended purpose (e.g., usage instructions).
  3. Proprietary rights, usage rights, ownership, warranty, licensing rights, transfer rights, and conditions of use (e.g., required copyright, author, and applicable license notices within the software code, or a requirement to redistribute the licensed software only under the same license (e.g., GNU GPL, ver. 3, license)) have been addressed and coordinated with Center Intellectual Property Counsel.
  4. Future support for the software product is planned and adequate for project needs.
  5. The software component is verified and validated to the same level required to accept a similar developed software component for its intended use.
  6. The project has a plan to perform periodic assessments of vendor reported defects to ensure the defects do not impact the selected software components.
Prospective dependencies are reviewed in GitHub pull requests
Software Cost Estimation
3.2.1

To better estimate the cost of development, the project manager shall establish, document, and maintain:

  1. Two cost estimate models and associated cost parameters for all Class A and B software projects that have an estimated project cost of $2 million or more.
  2. One software cost estimate model and associated cost parameter(s) for all Class A and Class B software projects that have an estimated project cost of less than $2 million.
  3. One software cost estimate model and associated cost parameter(s) for all Class C and Class D software projects.
  4. One software cost estimate model and associated cost parameter(s) for all Class F software projects.
Line count and COCOMO II cost model available upon request
3.2.2

The project manager’s software cost estimate(s) shall satisfy the following conditions:

  1. Covers the entire software life cycle.
  2. Is based on selected project attributes (e.g., programmatic assumptions/constraints, assessment of the size, functionality, complexity, criticality, reuse code, modified code, and risk of the software processes and products).
  3. Is based on the cost implications of the technology to be used and the required maturation of that technology.
  4. Incorporates risk and uncertainty, including end state risk and threat assessments for cybersecurity.
  5. Includes the cost of the required software assurance support.
  6. Includes other direct costs.
Factors provided as COCOMO II input parameters
3.2.3The project manager shall submit software planning parameters, including size and effort estimates, milestones, and characteristics, to the Center measurement repository at the conclusion of major milestones.Upon request
Software Schedules
3.3.1

The project manager shall document and maintain a software schedule that satisfies the following conditions:

  1. Coordinates with the overall project schedule.
  2. Documents the interactions of milestones and deliverables between software, hardware, operations, and the rest of the system.
  3. Reflects the critical dependencies for software development activities.
  4. Identifies and accounts for dependencies with other projects and cross-program dependencies.
Sprint planning, GitHub milestones
3.3.3The project manager shall require the software developer(s) to provide a software schedule for the project’s review and schedule updates as requested.GitHub milestones
Software Classification Assessments
3.5.1The project manager shall classify each system and subsystem containing software in accordance with the highest applicable software classification definitions for Classes A, B, C, D, E, and F software in Appendix D.GCN and all of its dependencies are Class D.
3.5.2The project manager shall maintain records of each software classification determination, each software Requirements Mapping Matrix, and the results of each software independent classification assessments for the life of the project.This table
Software Assurance and Software Independent Verification & Validation
3.6.1The project manager shall plan and implement software assurance, software safety, and IV&V (if required) per NASA-STD-8739.8, Software Assurance and Software Safety Standard.Not safety critical
Safety-critical Software
3.7.1The project manager, in conjunction with the SMA organization, shall determine if each software component is considered to be safety-critical per the criteria defined in NASA-STD-8739.8.Not safety critical
Automatic Generation of Software Source Code
3.8.2The project manager shall require the software developers and custom software suppliers to provide NASA with electronic access to the models, simulations, and associated data used as inputs for auto-generation of software.GitHub repositories
Software Reuse
3.10.1The project manager shall specify reusability requirements that apply to its software development activities to enable future reuse of the software, including the models, simulations, and associated data used as inputs for auto-generation of software, for U.S. Government purposes.Software is open source
3.10.2

The project manager shall evaluate software for potential reuse by other projects across NASA and contribute reuse candidates to the NASA Internal Sharing and Reuse Software systems, however, if the project manager is a contractor, then a civil servant must pre-approve all such software contributions; all software contributions should include, at a minimum, the following information:

  1. Software Title.
  2. Software Description.
  3. The Civil Servant Software Technical Point of Contact for the software product.
  4. The language or languages used to develop the software.
  5. Any third party code contained therein and the record of the requisite license or permission received from the third party permitting the Government’s use, if applicable.
Software is open source, indexed by applicable public package collections
Software Cybersecurity
3.11.2The project manager shall perform a software cybersecurity assessment on the software components per the Agency security policies and the project requirements, including risks posed by the use of COTS, GOTS, MOTS, OSS, or reused software components.Considered in review of new dependencies in GitHub pull requests. GitHub Dependabot alerts are enabled
3.11.3The project manager shall identify cybersecurity risks, along with their mitigations, in flight and ground software systems and plan the mitigations for these systems.Considered in reviews of all GitHub pull requests
3.11.4The project manager shall implement protections for software systems with communications capabilities against unauthorized access per the requirements contained in the Space System Protection Standard, NASA-STD-1006.Not applicable; no capabilities for communication with spacecraft
3.11.5The project manager shall test the software and record test results for the required software cybersecurity mitigation implementations identified from the security vulnerabilities and security weaknesses analysis.GitHub code scanning enabled
3.11.6The project manager shall identify, record, and implement secure coding practices.See, for example, OWASP Secure Coding Practices
3.11.7The project manager shall verify that the software code meets the project’s secure coding standard by using the results from static analysis tool(s).CodeQL
Software Bi-Directional Traceability
3.12.1The project manager shall perform, record, and maintain bi-directional traceability between the following software elements: (See Table in 3.12.1)Unit tests and integration tests as needed
Software Requirements
4.1.2The project manager shall establish, capture, record, approve, and maintain software requirements, including requirements for COTS, GOTS, MOTS, OSS, or reused software components, as part of the technical specification.Informally, during sprint planning
4.1.5The project manager shall track and manage changes to the software requirements.Acceptance criteria in GitHub issues
4.1.6The project manager shall identify, initiate corrective actions, and track until closure inconsistencies among requirements, project plans, and software products.GitHub issues
4.1.7The project manager shall perform requirements validation to ensure that the software will perform as intended in the customer environment.Unit tests and integration tests as needed
Software Implementation
4.4.3The project manager shall select, define, and adhere to software coding methods, standards, and criteria.These docs
4.4.4The project manager shall use static analysis tools to analyze the code during the development and testing phases to, at a minimum, detect defects, software security, code coverage, and software complexity.Codecov.io, CodeQL
4.4.5The project manager shall unit test the software code.e.g. Jest, Pytest
4.4.6The project manager shall assure that the unit test results are repeatable.GitHub Actions
4.4.7The project manager shall provide a software version description for each software release.GitHub releases
Software Testing
4.5.2

The project manager shall establish and maintain:

  1. Software test plan(s).
  2. Software test procedure(s).
  3. Software test(s), including any code specifically written to perform test procedures.
  4. Software test report(s).
These docs
4.5.3The project manager shall test the software against its requirements.Unit tests and integration tests as needed
4.5.5The project manager shall evaluate test results and record the evaluation.GitHub Actions
4.5.7The project manager shall update the software test and verification plan(s) and procedure(s) to be consistent with software requirements.These docs
4.5.9The project manager shall ensure that the code coverage measurements for the software are selected, implemented, tracked, recorded, and reported.Codecov.io
4.5.12The project manager shall verify through test the software requirements that trace to a hazardous event, cause, or mitigation technique.As a criterion in reivew of pull requests
Software Operations, Maintenance, and Retirement
4.6.2The project manager shall plan and implement software operations, maintenance, and retirement activities.These docs
4.6.3The project manager shall complete and deliver the software product to the customer with appropriate records, including as-built records, to support the operations and maintenance phase of the software’s life cycle.E.g. NPM and PyPI packages
4.6.4The project manager shall complete, prior to delivery, verification that all software requirements identified for this delivery have been met or dispositioned, that all approved changes have been implemented and that all defects designated for resolution prior to delivery have been resolved.Unit tests, integration tests, deployment stages
4.6.5The project manager shall maintain the software using standards and processes per the applicable software classification throughout the maintenance phase.These docs
4.6.6The project manager shall identify the records and software tools to be archived, the location of the archive, and procedures for access to the products for software retirement or disposal.https://github.com/nasa-gcn GitHub org
Software Configuration Management
5.1.2The project manager shall develop a software configuration management plan that describes the functions, responsibilities, and authority for the implementation of software configuration management for the project.These docs, GitHub
5.1.3The project manager shall track and evaluate changes to software products.GitHub issues and pull requests
5.1.4The project manager shall identify the software configuration items (e.g., software records, code, data, tools, models, scripts) and their versions to be controlled for the project.Everything is in GitHub
5.1.5

The project manager shall establish and implement procedures to:

  1. Designate the levels of control through which each identified software configuration item is required to pass.
  2. Identify the persons or groups with authority to authorize changes.
  3. Identify the persons or groups to make changes at each level.
GitHub teams
5.1.6The project manager shall prepare and maintain records of the configuration status of software configuration items.These docs
5.1.7The project manager shall perform software configuration audits to determine the correct version of the software configuration items and verify that they conform to the records that define them.Dependabot
5.1.8The project manager shall establish and implement procedures for the storage, handling, delivery, release, and maintenance of deliverable software products.E.g. NPM and PyPI packages
Software Non-conformance or Defect Management
5.5.1The project manager shall track and maintain software non-conformances (including defects in tools and appropriate ground software).GitHub issues
Looking for U.S. government information and services? Visit USA.gov