The developer shall meet the following general requirements in carrying out
the detailed requirements in section 5 of this
standard.
4.2.1 Software development methods. The developer shall use systematic,
documented methods for all software development activities. These methods
shall be described in, or referenced from, the software development
plan.
4.2.2 Standards for software products. The developer shall develop and
apply standards for representing requirements, design, code, test cases, test
procedures, and test results. These standards shall be described in, or
referenced from, the software development plan.
4.2.3 Reusable software products. The developer shall meet the following
requirements.
4.2.3.1 Incorporating reusable software products. The developer shall
identify and evaluate reusable software products for use in fulfilling the
requirements of the contract. The scope of the search and the criteria to be
used for evaluation shall be as described in the software development plan.
Reusable software products that meet the criteria shall be used where
practical. Appendix B provides required and candidate criteria and interprets
this standard for incorporation of reusable software products. Incorporated
software products shall meet the data rights requirements in the
contract.
4.2.3.2 Developing reusable software products. During the course of the
contract, the developer shall identify opportunities for developing software
products for reuse and shall evaluate the benefits and costs of these
opportunities. Opportunities that provide cost benefits and are compatible
with program objectives shall be identified to the acquirer.
Note: In addition, the developer may be required by the contract to develop
software products specifically for reuse.
4.2.4 Handling of critical requirements. The developer shall meet the
following requirements.
4.2.4.1 Safety assurance. The developer shall identify as safety-critical
those CSCIs or portions thereof whose failure could lead to a hazardous system
state (one that could result in unintended death, injury, loss of property, or
environmental harm). If there is such software, the developer shall develop a
safety assurance strategy, including both tests and analyses, to assure that
the requirements, design, implementation, and operating procedures for the
identified software minimize or eliminate the potential for hazardous
conditions. The strategy shall include a software safety program, which shall
be integrated with the system safety program if one exists. The developer
shall record the strategy in the software development plan, implement the
strategy, and produce evidence, as part of required software products, that
the safety assurance strategy has been carried out.
4.2.4.2 Security assurance. The developer shall identify as
security-critical those CSCIs or portions thereof whose failure could lead to
a breach of system security. If there is such software, the developer shall
develop a security assurance strategy to assure that the requirements, design,
implementation, and operating procedures for the identified software minimize
or eliminate the potential for breaches of system security. The developer
shall record the strategy in the software development plan, implement the
strategy, and produce evidence, as part of required software products, that
the security assurance strategy has been carried out.
4.2.4.3 Privacy assurance. The developer shall identify as privacy-critical
those CSCIs or portions thereof whose failure could lead to a breach of system
privacy. If there is such software, the developer shall develop a privacy
assurance strategy to assure that the requirements, design, implementation,
and operating procedures for the identified software minimize or eliminate the
potential for breaches of system privacy. The developer shall record the
strategy in the software development plan, implement the strategy, and produce
evidence, as part of required software products, that the privacy assurance
strategy has been carried out.
4.2.4.4 Assurance of other critical requirements. If a system relies on
software to satisfy other requirements deemed critical by the contract or by
system specifications, the developer shall identify those CSCIs or portions
thereof whose failure could lead to violation of those critical requirements;
develop a strategy to assure that the requirements, design, implementation,
and operating procedures for the identified software minimize or eliminate the
potential for such violations; record the strategy in the software development
plan; implement the strategy; and produce evidence, as part of required
software products, that the assurance strategy has been carried out.
4.2.5 Computer hardware resource utilization. The developer shall analyze
contract requirements concerning computer hardware resource utilization (such
as maximum allowable use of processor capacity, memory capacity, input/output
device capacity, auxiliary storage device capacity, and communications/network
equipment capacity). The developer shall allocate computer hardware resources
among the CSCIs, monitor the utilization of these resources for the duration
of the contract, and reallocate or identify the need for additional resources
as necessary to meet contract requirements.
4.2.6 Recording rationale. The developer shall record rationale that will
be useful to the support agency for key decisions made in specifying,
designing, implementing, and testing the software. The rationale shall include
trade-offs considered, analysis methods, and criteria used to make the
decisions. The rationale shall be recorded in documents, code comments, or
other media that will transition to the support agency. The meaning of "key
decisions" and the approach for providing the rationale shall be described in
the software development plan.
4.2.7 Access for acquirer review. The developer shall provide the acquirer
or its authorized representative access to developer and subcontractor
facilities, including the software engineering and test environments, for
review of software products and activities required by the
contract.
