The developer shall establish a software development process consistent with contract requirements. The software development process shall include the following major activities, which may overlap, may be applied iteratively, may be applied differently to different elements of software, and need not be performed in the order listed below. Appendix G provides examples. The developer's software development process shall be described in the software development plan.
a. Project planning and oversight (section 5.1)
b. Establishing a software development environment (5.2)
c. System requirements analysis (5.3)
d. System design (5.4)
e. Software requirements analysis (5.5)
f. Software design (5.6)
g. Software implementation and unit testing (5.7)
h. Unit integration and testing (5.8)
i. CSCI qualification testing (5.9)
j. CSCI/HWCI integration and testing (5.10)
k. System qualification testing (5.11)
l. Preparing for software use (5.12)
m. Preparing for software transition (5.13)
n. Integral processes:
1) Software configuration management (5.14)
2) Software product evaluation (5.15)
3) Software quality assurance (5.16)
4) Corrective action (5.17)
5) Joint technical and management reviews (5.18)
6) Other activities (5.19)
The developer shall meet the following general requirements in carrying out the detailed requirements in section 5 of this standard.
The developer shall use systematic, documented methods for all software development activities. These methods shall be described in, or referenced from, the software development plan.
The developer shall develop and apply standards for representing requirements, design, code, test cases, test procedures, and test results. These standards shall be described in, or referenced from, the software development plan.
The developer shall meet the following requirements.
The developer shall identify and evaluate reusable software products for use in fulfilling the requirements of the contract. The scope of the search and the criteria to be used for evaluation shall be as described in the software development plan. Reusable software products that meet the criteria shall be used where practical. Appendix B provides required and candidate criteria and interprets this standard for incorporation of reusable software products. Incorporated software products shall meet the data rights requirements in the contract.
During the course of the contract, the developer shall identify opportunities for developing software products for reuse and shall evaluate the benefits and costs of these opportunities. Opportunities that provide cost benefits and are compatible with program objectives shall be identified to the acquirer.
Note: In addition, the developer may be required by the contract to develop software products specifically for reuse.
The developer shall meet the following requirements.
The developer shall identify as safety-critical those CSCIs or portions thereof whose failure could lead to a hazardous system state (one that could result in unintended death, injury, loss of property, or environmental harm). If there is such software, the developer shall develop a safety assurance strategy, including both tests and analyses, to assure that the requirements, design, implementation, and operating procedures for the identified software minimize or eliminate the potential for hazardous conditions. The strategy shall include a software safety program, which shall be integrated with the system safety program if one exists. The developer shall record the strategy in the software development plan, implement the strategy, and produce evidence, as part of required software products, that the safety assurance strategy has been carried out.
The developer shall identify as security-critical those CSCIs or portions thereof whose failure could lead to a breach of system security. If there is such software, the developer shall develop a security assurance strategy to assure that the requirements, design, implementation, and operating procedures for the identified software minimize or eliminate the potential for breaches of system security. The developer shall record the strategy in the software development plan, implement the strategy, and produce evidence, as part of required software products, that the security assurance strategy has been carried out.
The developer shall identify as privacy-critical those CSCIs or portions thereof whose failure could lead to a breach of system privacy. If there is such software, the developer shall develop a privacy assurance strategy to assure that the requirements, design, implementation, and operating procedures for the identified software minimize or eliminate the potential for breaches of system privacy. The developer shall record the strategy in the software development plan, implement the strategy, and produce evidence, as part of required software products, that the privacy assurance strategy has been carried out.
If a system relies on software to satisfy other requirements deemed critical by the contract or by system specifications, the developer shall identify those CSCIs or portions thereof whose failure could lead to violation of those critical requirements; develop a strategy to assure that the requirements, design, implementation, and operating procedures for the identified software minimize or eliminate the potential for such violations; record the strategy in the software development plan; implement the strategy; and produce evidence, as part of required software products, that the assurance strategy has been carried out.
The developer shall analyze contract requirements concerning computer hardware resource utilization (such as maximum allowable use of processor capacity, memory capacity, input/output device capacity, auxiliary storage device capacity, and communications/network equipment capacity). The developer shall allocate computer hardware resources among the CSCIs, monitor the utilization of these resources for the duration of the contract, and reallocate or identify the need for additional resources as necessary to meet contract requirements.
The developer shall record rationale that will be useful to the support agency for key decisions made in specifying, designing, implementing, and testing the software. The rationale shall include trade-offs considered, analysis methods, and criteria used to make the decisions. The rationale shall be recorded in documents, code comments, or other media that will transition to the support agency. The meaning of "key decisions" and the approach for providing the rationale shall be described in the software development plan.
The developer shall provide the acquirer or its authorized representative access to developer and subcontractor facilities, including the software engineering and test environments, for review of software products and activities required by the contract.
Translator: Simon Wright simon@pogner.demon.co.uk
Last updated: 22.iii.99