Procedural
Requirements
Effective Date: June 14, 2023
Expiration Date: June 14, 2028
|
|
NASA Procedural Requirements |
NPR 2210.1E Effective Date: June 14, 2023 Expiration Date: June 14, 2028 |
| | TOC | Preface | Chapter1 | Chapter2 | Chapter3 | AppendixA | AppendixB | AppendixC | ALL | |
1.1.1 The Technology Transfer Program Executive is responsible for the overall management of the NASA software release policy established by NPD 7120.4, NASA Engineering and Program/Project Management Policy, and shall establish and implement software release procedures, requirements, and supplemental policy with the General Counsel or designee.
1.1.2 The Technology Transfer Program Executive shall encourage the broadest appropriate dissemination of NASA software.
1.1.2.1 The organization designated by the Technology Transfer Program Executive is responsible for coordinating a technology commercialization assessment of software deemed within the scope and purpose of this NPR.
1.1.3 The Technology Transfer Program Executive shall charter a Software Release Authority Working Group (SRAWG) to document and implement software release best practices, identify and resolve software release issues, and work with the Technology Transfer Program Executive, or designee, in consultation with Agency Counsel for Intellectual Property (ACIP), or designee.
1.1.4 The SRAWG shall coordinate with the Software Working Group (SWG), chartered by the Office of the Chief Engineer, and defined in NPD 7120.4, to ensure appropriate visibility of software issues within the Agency.
1.1.5 The Chairperson of the SRAWG shall be a member of the SWG.
1.2.1 The General Counsel and the Agency Counsel for Intellectual Property (ACIP), or their designee(s), are responsible for providing and maintaining the NASA Model Software Usage Agreement(s) (SUA), the legal instrument(s) employed in releasing NASA software, as described herein.
1.2.2 Uniformity in SUA(s) across Centers will be achieved to the maximum extent practicable.
1.2.2.1 When requested to modify a NASA model SUA, or create a new model SUA, the SUA official designated by the Technology Transfer Program Executive, and the ACIP, or designee(s), shall work jointly to establish mutually acceptable standardized language for SUA(s), as well as determining acceptability of requests for modifications to the model SUA(s).
1.2.3 The ACIP and the Center Patent or Intellectual Property (IP) Counsel, or their attorney designee(s), are responsible for providing appropriate legal counsel with respect to an Intellectual Property and Releasability Rights Assessment under Section 2.4 of this NPR on software prior to its approval for all releases.
1.3.1 The CEA is responsible for coordinating an export control assessment on all software prior to its Approval for Public Release, Approval for Open-Source Release, or Approval for United States (U.S. and Foreign Release, (i.e., assisting with a determination whether the software, or some portion thereof, is subject to export restrictions under either the Export Administration Regulations (EAR) or the International Traffic in Arms Regulations (ITAR)).
1.3.2 When a foreign release of software is contemplated (including a release to a foreign entity within the United States), the CEA shall be consulted to ensure that such release complies with applicable export laws and regulations and the NASA Export Control Program. See also NPD 2190.1 and NPR 2190.1, both entitled NASA Export Control Program.
The Center Director, or designee, is responsible for appointing a Software Release Authority (SRA) within the Center technology transfer office to carry out responsibilities specified in this NPR.
The NASA Inspector General, or designee, is responsible for appointing an individual as an SRA for the purpose of determining the release of forensic software developed by the Office of Inspector General for law enforcement purposes. The SRA appointed for this purpose shall comply with the requirements of this NPR.
The CISO is responsible for identifying security risks inherent in the release of specific software, notifying the developer(s) and the SRA, and for determining how to eliminate or manage those risks, as needed. The CISO shall develop guidance on when an (IT) security assessment may be needed, including a standard checklist to assist in identifying IT security risks associated with the release of software that will require an IT security assessment. The CISO will be consulted, as warranted by the guidance, by the SRA and the responsible software development and assurance organizations prior to the release of the software.
The Center Chief of the Office of Communications, or designee, is responsible for reviewing public, or external, mobile applications for appropriate content and NASA branding prior to a final release determination by the SRA.
The Center Technology Transfer Officer (CTTO) shall review all incoming Software-related New Technology Reports and determine, in consultation with Center Patent or IP Counsel, the broadest appropriate method of distribution, whether through patenting and licensing or otherwise promote commercialization of the technology under the software release process set forth herein. This determination should follow the Agency evidence-based commercialization process described in NPR 7500.2A, NASA Technology Transfer Requirements, section 4.3.
1.9.1 The primary responsibility of the SRA is to ensure that software is released in accordance with the requirements of this NPR.
1.9.2 The SRA is responsible for ensuring that Center software are reviewed through the NTTS Software Release System and loaded into the NASA Software Catalog and Repository. Another important responsibility of SRAs is to reach out to Center software developers regularly and solicit new software for the NASA Software Catalog.
1.9.3 The SRA shall:
a. Be the Center representative on the SRAWG.
b. For software that is classified as ITAR or EAR with an Export Control Classification Number (ECCN) number, retain the signed SUA or other Software Release Record, respectively, for each software released in accordance with this NPR and NPR 1441.1, NASA Records Management Program Requirements; and document each individual release of software in the Software Release section of the NASA Technology Transfer System (NTTS). The electronic copy of the original signed SUA or release record is maintained by the SRA and shall be attached to the appropriate NTTS record.
c. Be responsible for determining whether software can be designated for release. This determination shall be made in coordination with the Patent or IP Counsel, the Technology Transfer designee for commercial assessment, the CEA, the CISO, the Procurement Office, the Office or Project responsible for the software, and other offices as necessary.
d. Communicate to organizations developing or acquiring software at a field Center the requirements to disclosure software through the NTR submission process as described in NPD 2091.1, Inventions by Government Employees. The SRA assists organizations with disclosure compliance, including assisting software contacts (POCs) in navigating the Software Release System and complying with all requirements in this NPR.
e. Once a code has been classified as releasable and given a release type designation, the SRA shall ensure that a plain language description of the code has been added to the online NASA Software Catalog before it is added to the NASA Software Repository.
f. Review minor enhancements and consult with the Patent or IP Counsel to determine the applicability of this NPR to the minor enhancement. Where the SRA determines that this NPR does not apply to a particular minor enhancement, the minor enhancement alone may be released without complying with the requirements of this NPR. Minor enhancements or bug fixes to pre-existing software that do not materially alter the operation of the pre-existing software may not be subject to the requirements of this NPR.
g. As determined by the SRA, previously released software that has been modified only by incorporating a minor enhancement or bug fixes deemed by the SRA as outside the scope of the NPR may be released to the same recipient(s) without requiring additional reporting, reviews, or SUAs under this NPR.
1.10.1 Once software has been approved for release by the Center SRA and loaded to the NASA Software Repository, the Software Usage Agreement Processing Team (SUAPT) shall disposition and fulfill incoming requests for software using the template Software Usage Agreements.
1.10.2 The SUAPT will use the Agency-approved identity credentialing tool and supplemental procedures to develop a confidence level in the authenticity of requestor identities.
1.10.3 The SUAPT shall document each individual release of software in the Software Release Section of the NTTS. If an electronic copy of the original signed SUA or release record is maintained by the SRA, the original paper copy may be discarded. A backup copy shall be attached electronically to the appropriate NTTS record.
1.11.1 The Center Office or Project that has responsibility for a particular software is responsible for recommending a desired release category under section 3.2 and shall notify the SRA of the following:
a. Any programmatic restrictions on release of the software.
b. The software's classification (i.e., Class A - F) as defined in NPR 7150.2, NASA Software Engineering Requirements.
c. Whether the software complies with the software engineering and assurance requirements of NPR 7150.2 and NASA-STD-8739.8, Software Assurance and Software Safety Standard, for the applicable software classification.
d. Whether the software is safety-critical software as defined in NASA-STD-8739.8.
e. The software's Technology Readiness Level (TRL) as defined in NPR 7120.8, NASA Research and Technology Program and Project Management Requirements. f. Any software documentation, as defined in Appendix A, that is proposed (or available) for release with the software.
g. Whether any known export restrictions apply to the software.
h. Whether the software includes any open source or other third-party software, and provide a text copy of the applicable license for the downloaded version for the included open source or other third-party software.
i. Whether open-source release of the software is proposed.
j. Whether the software includes any embedded computer databases.
1.11.2 Before the release of any software, the Office or Project that has responsibility for the software, shall coordinate with the 508 Coordinator, for the purposes of obtaining a decision from the Coordinator regarding the software's Section 508 compliance, including any appropriate exceptions in accordance with NPR 2800.2, Information and Communication Technology Accessibility.
1.11.3 NASA projects may undertake Open-Source Software Development, as defined in Appendix A, only if the Office or Project that has responsibility for acquisition or development of the software supports incorporation of external open-source software into software. In addition, the Office or Project responsible for the software acquisition or development shall:
a. Determine the ramifications of incorporating such external open-source software during the acquisition planning process specified in Acquisition Plans, 48 CFR subpt. 1807.1.
b. Consult with the Patent or IP Counsel early in the planning process as the license under which the open-source software was acquired may negatively impact NASA's intended use.
1.11.4 In accordance with applicable laws and regulations, Center Offices or Projects have discretionary authority to publicly release computer databases and software documentation depending on the Government's rights and obligations regarding such data.
a. Upon request, and depending on the Government's intellectual property rights and any other legal restrictions on release (e.g., export control), NASA computer programs that are used to read and manipulate computer databases may be publicly released with the computer databases, but only if such computer programs are not commercially available. For the release of software documentation, see Appendix A. In addition, certain types of information are restricted from dissemination via NASA public Web sites in accordance with NPR 2810.2, Security of Information Technology, section 11.3.9, Internet Publishing Content Requirements.
b. In general, software is not considered a record under the Freedom of Information Act, 5 U.S.C. ยง 552 (FOIA) and, therefore, is not subject to the mandatory release requirements of the FOIA. Requests for software under the FOIA are coordinated between the Center FOIA Office and the Center Software Release Authority.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | AppendixA | AppendixB | AppendixC | ALL | |
| | NODIS Library | Legal Policies(2000s) | Search | |
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.