SATC

Software Assurance Guidebook and Standard

The growth in cost and importance of software to NASA has caused NASA to address the improvement of software development across the agency. One of the products of this program is a series of guidebooks that define a NASA concept of the assurance processes that are used in software development. The SMAP-GB-A201, "Software Assurance Guidebook", provides an overall picture of the NASA concepts and practices in software assurance, and the NASA-STD-2201-93, "Software Assurance Standard", is intended for use as a requirement to be placed on a software provider, or to serve as a guide for auditing of software assurance activities. This web page provides the ability to browse the standard and guidebook (either in its entirety or by section) and to download the standard and guidebook in PostScript format.

Software assurance is the planned and systematic set of activities that ensures that software processes and products conform to requirements, standards, and procedures. "Processes" include all of the activities involved in designing, developing, enhancing, and maintaining software; "products" include the software, associated data, its documentation, and all supporting and reporting paperwork. The guidebook gives an Overview of the Software Assurance process, and then discusses some considerations in Establishing a Project Software Assurance Activity.

Software Quality Assurance (SQA) is defined as a planned and systematic approach to the evaluation of the quality of and adherence to software product standards, processes, and procedures. SQA includes the process of assuring that standards and procedures are established and are followed throughout the software acquisition life cycle. A major SQA activity is auditing. For details of auditing, see SMAP-GB-A301, "Software Quality Assurance Audits Guidebook".

Software Quality Engineering (SQE) is a process that evaluates, assesses, and improves the quality of software. Software quality is often defined as the degree to which software meets requirements for reliability, maintainability, transportability, etc., as contrasted with functional, performance, and interface requirements that are satisfied as a result of software engineering.

This is contrasted with Software Verification and Validation (V&V), which is the process of ensuring that software being developed or changed will satisfy functional and other requirements (validation) and that each step in the process of building the software yields the right products (verification).

During the process of validation and verification, errors (nonconformances) will be found. A Nonconformance Reporting and Corrective Action (NRCA) system or procedure is used to report, analyze, and correct nonconformances and collect information from which reports on the overall status of nonconformances can be made.

Specialized forms of assurance may be needed. For safety-critical systems a Software Safety process is needed. There is now a NASA-STD-8719.13A, "NASA Software Safety Standard", and preparation of a Software Safety Guidebook is underway at Lewis Research Center. In addition to safety assurance, most systems will need some form of Security Assurance.

If browsing has made you decide that you want a printable copy, there are PostScript files, suitable for printing, including title pages, table of contents, appendices, etc., available below.

 


If you have any questions or comments about the SATC, contact:

Dr. Linda Rosenberg
NASA/GSFC
Code 302 -  Bldg 6
Greenbelt, MD 20771

Linda.Rosenberg@gsfc.nasa.gov


This page was last updated on:
06/29/99