Guide
Software release at NASA is governed by NPR 2210.1C. NPR 2210.1C establishes the roles, responsibilities, and procedures for reporting, reviewing, and releasing software under various conditions, including open source. Every center has a Software Release Authority (SRA). The SRA processes requests for software release and coordinates legal, export control, IT security, 508 compliance, and software engineering standards compliance reviews. Projects hoping to release software should contact their SRA early to discuss their goals and begin the reporting, review, and release process.
The center SRAs are as follows:
| Center | Name | Title | Phone | |
|---|---|---|---|---|
| ARC | Martha Del Alto | SRA | 650.604.4865 | martha.e.delalto@nasa.gov |
| ARC | Kim Chrestenson | SRA Alternate | 650.604.5063 | kim.l.chrestenson@nasa.gov |
| DFRC | Earl Adams | SRA | 661.276.5307 | earl.s.adams@nasa.gov |
| DFRC | Samantha Hull | SRA Alternate | 661.276.3368 | samantha.m.hull@nasa.gov |
| GRC | Kim Dalgleish-Miller | SRA | 216.433.8047 | kimberly.a.dalgleish@nasa.gov |
| GRC | Jason Hanna | SRA Alterante | 216.433.6731 | jason.m.hanna@nasa.gov |
| GSFC | Nona K. Cheeks | SRA | 301.286.5810 | nona.k.cheeks@nasa.gov |
| GSFC | Enidia Santiago-Arce | SRA Alternate | 301.286.8497 | enidia.santiago-arce@nasa.gov |
| HQ | Liteshia Dennis | SRA | 202.358.4778 | liteshia.b.dennis@nasa.gov |
| JPL | Brian Morrison | SRA | 818.354.2458 | brian.a.morrison@jpl.nasa.gov |
| JSC | Arlene Andrews | SRA | 281.483.4730 | jane.i.fox@nasa.gov |
| JSC | Kathy Acuna | SRA Alternate | 281.483.2066 | kathryn.y.acuna@nasa.gov |
| KSC | Roger Liang | SRA | 321.861.2224 | roger.h.liang@nasa.gov |
| KSC | Lew Parrish | SRA Alternate | 321.867.5033 | lewis.m.parrish@nasa.gov |
| LaRC | Stuart Pendleton | SRA | 757.864.2943 | stuart.e.pendleton@nasa.gov |
| MSFC | Danny Garcia | SRA | 256.544.4138 | danny.garcia-1@nasa.gov |
| MSFC | Carolyn McMillian | SRA Alternate | 256.544.9151 | carolyn.e.mcmillan@nasa.gov |
| SSC | John Lansaw | SRA Alternate | 228.688.1962 | john.lansaw-1@nasa.gov |
One initiates the software review process by reporting the software as described in NPR 2210.1C (e.g., submitting a description of the software to be released, the individuals involved in its creation, development timeline, available documentation, and related topics). Depending on center procedures, this information may be captured through the NASA Technology Reporting System or standard form NF1679. Contact your SRA for the specific procedure used at your center.
Each piece of software is unique, and must be reviewed on a case-by-case basis. Generally speaking, however, the review process will address the following considerations:
- Legal. It is important to ensure that NASA has appropriate rights in software, including subcomponents, before NASA releases that material outside the agency. Software is rarely developed in isolation. If your project uses external dependencies, you must provide details about such packages or sources when you report your software. (See NPR 2210.1C, Chapter 2 for details on reporting software.) The terms and conditions governing external software impact NASA’s right to use and release software, and must be thoroughly analyzed before NASA can release software incorporating that external software. NASA attorneys will also help identify the set of terms and conditions that should govern a particular piece of software when NASA releases it. Per current NASA policy, NASA releases open source software under the NASA Open Source Agreement (NOSA) unless external Open Source Software incorporated into the NASA Open Source Software requires use of a different open source license or unless approved by Center Patent or IP Counsel. Such determinations must be made by your center intellectual property counsel before NASA may release the software in question.
- Export Control. The Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR), among other laws and policies, restrict which NASA technology may be publicly disclosed. Software falling within the scope of these laws or policies cannot be released open source, and may be subject to release restrictions. Your local export control staff can help you determine whether export control laws apply to your technology.
- IT Security. Generally speaking, released software should not contain any information peculiar to NASA, such as user names, passwords, database credentials, IP addresses, host names, firewall and network information, or any other data which would expose or create vulnerabilities. Your SRA and IT Security staff will help you understand the types of risks occasioned by software release, and will work with you to remove elements of your software which may give rise to a vulnerability prior to release.
- 508 Compliance. When developing, procuring, maintaining, or using Electronic and Information Technology (EIT), Federal agencies must ensure that Federal employees with disabilities have access to and use of information and data that is comparable to that for other employees.
- Software Engineering Requirements. NASA has established formal software engineering requirements in NPR 7150.2A. These requirements govern all software development activities and must be followed throughout a project’s development life cycle. As part of the software release process, your center SRA and Engineering Technical Authority for software will work with you to verify (or establish) your software classification and ensure compliance with the corresponding engineering requirements prior to release. For this area of inquiry in particular it is best to front-load compliance by adhering to the software engineering requirements with a documented compliance matrix from the outset. Otherwise, you may incur significant delay and expense in obtaining compliance prior to release.
Depending on the number of projects being assessed for release at any given time general workloads and backlogs, traversing the release process can take anywhere from 3 to 6 months. The process may take longer for complex or novel release requests. Be sure to factor these time tables (with consultation with your SRA) into your project schedules.