code.nasa.gov

Guide

Software release at NASA is governed by NPR 2210.1C. NPR 2210.1C establishes the roles, responsibilities, and procedures for reporting, reviewing, and releasing software under various conditions, including open source. Every center has a Software Release Authority (SRA). The SRA processes requests for software release and coordinates legal, export control, IT security, 508 compliance, and software engineering standards compliance reviews. Projects hoping to release software should contact their SRA early to discuss their goals and begin the reporting, review, and release process.

The center SRAs are as follows:

Center Name Title Phone Email
ARC Martha Del Alto SRA 650.604.4865 martha.e.delalto@nasa.gov
ARC Kim Chrestenson SRA Alternate 650.604.5063 kim.l.chrestenson@nasa.gov
DFRC Earl Adams SRA 661.276.5307 earl.s.adams@nasa.gov
DFRC Samantha Hull SRA Alternate 661.276.3368 samantha.m.hull@nasa.gov
GRC Kim Dalgleish-Miller SRA 216.433.8047 kimberly.a.dalgleish@nasa.gov
GRC Jason Hanna SRA Alterante 216.433.6731 jason.m.hanna@nasa.gov
GSFC Nona K. Cheeks SRA 301.286.5810 nona.k.cheeks@nasa.gov
GSFC Enidia Santiago-Arce SRA Alternate 301.286.8497 enidia.santiago-arce@nasa.gov
HQ Liteshia Dennis SRA 202.358.4778 liteshia.b.dennis@nasa.gov
JPL Brian Morrison SRA 818.354.2458 brian.a.morrison@jpl.nasa.gov
JSC Michelle Kamman SRA 281.483.7548 michelle.kamman-1@nasa.gov
KSC Roger Liang SRA 321.861.2224 roger.h.liang@nasa.gov
KSC Lew Parrish SRA Alternate 321.867.5033 lewis.m.parrish@nasa.gov
LaRC Stuart Pendleton SRA 757.864.2943 stuart.e.pendleton@nasa.gov
MSFC Danny Garcia SRA 256.544.4138 danny.garcia-1@nasa.gov
MSFC Carolyn McMillian SRA Alternate 256.544.9151 carolyn.e.mcmillan@nasa.gov
SSC John Lansaw SRA Alternate 228.688.1962 john.lansaw-1@nasa.gov

One initiates the software review process by reporting the software as described in NPR 2210.1C (e.g., submitting a description of the software to be released, the individuals involved in its creation, development timeline, available documentation, and related topics). Depending on center procedures, this information may be captured through the NASA Technology Reporting System or standard form NF1679. Contact your SRA for the specific procedure used at your center.

Each piece of software is unique, and must be reviewed on a case-by-case basis. Generally speaking, however, the review process will address the following considerations:

  • Legal. It is important to ensure that NASA has appropriate rights in software, including subcomponents, before NASA releases that material outside the agency. Software is rarely developed in isolation. If your project uses external dependencies, you must provide details about such packages or sources when you report your software. (See NPR 2210.1C, Chapter 2 for details on reporting software.) The terms and conditions governing external software impact NASA’s right to use and release software, and must be thoroughly analyzed before NASA can release software incorporating that external software. NASA attorneys will also help identify the set of terms and conditions that should govern a particular piece of software when NASA releases it. Per current NASA policy, NASA releases open source software under the NASA Open Source Agreement (NOSA) unless external Open Source Software incorporated into the NASA Open Source Software requires use of a different open source license or unless approved by Center Patent or IP Counsel. Such determinations must be made by your center intellectual property counsel before NASA may release the software in question.
  • Export Control. The Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR), among other laws and policies, restrict which NASA technology may be publicly disclosed. Software falling within the scope of these laws or policies cannot be released open source, and may be subject to release restrictions. Your local export control staff can help you determine whether export control laws apply to your technology.
  • IT Security. Generally speaking, released software should not contain any information peculiar to NASA, such as user names, passwords, database credentials, IP addresses, host names, firewall and network information, or any other data which would expose or create vulnerabilities. Your SRA and IT Security staff will help you understand the types of risks occasioned by software release, and will work with you to remove elements of your software which may give rise to a vulnerability prior to release.
  • 508 Compliance. When developing, procuring, maintaining, or using Electronic and Information Technology (EIT), Federal agencies must ensure that Federal employees with disabilities have access to and use of information and data that is comparable to that for other employees.
  • Software Engineering Requirements. NASA has established formal software engineering requirements in NPR 7150.2A. These requirements govern all software development activities and must be followed throughout a project’s development life cycle. As part of the software release process, your center SRA and Engineering Technical Authority for software will work with you to verify (or establish) your software classification and ensure compliance with the corresponding engineering requirements prior to release. For this area of inquiry in particular it is best to front-load compliance by adhering to the software engineering requirements with a documented compliance matrix from the outset. Otherwise, you may incur significant delay and expense in obtaining compliance prior to release.

Depending on the number of projects being assessed for release at any given time general workloads and backlogs, traversing the release process can take anywhere from 3 to 6 months. The process may take longer for complex or novel release requests. Be sure to factor these time tables (with consultation with your SRA) into your project schedules.