Procedural
Requirements
Effective Date: August 17, 2020
Expiration Date: August 17, 2030
|
|
NASA Procedural Requirements |
NPR 7120.7A Effective Date: August 17, 2020 Expiration Date: August 17, 2030 |
| | TOC | ChangeLog | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | AppenidxE | ALL | |
Service Line Directors, Service Line Deputy Directors, and Project Managers shall manage Major IT Investments in accordance with OMB M-15-14, Management and Oversight of Federal Information Technology, and be certified in compliance with Office of Federal Procurement Policy (OFPP) December 16, 2013, Memo on Revisions to the Federal Acquisition Certification for Program and Project Managers (FAC-P/PM) within two years of position assignment.
a. Tailoring is the process used to adjust or seek relief from a prescribed requirement to meet the needs of a specific service line, project, initiative, or activity. Among other things, it enables agility without sacrificing necessary rigor in development and testing. Tailoring is both an expected and accepted part of establishing proper requirements, as it is recognized that each service line, project, initiative, or activity has unique aspects that may warrant a modification from the nominal process without sacrificing the likelihood of achieving success in a safe, efficient, and economical manner.
b. In accordance with NPD 1000.0, all prescribed requirements (requirements levied on a lower organizational level by a higher organizational level) are complied with unless relief is formally granted.
c. Preapproved Compliance Matrices help streamline the tailoring process for some projects, create standardized adoption of a common development methodology with consistent tailoring within an IT service line, and help create standardization and smart-sizing of different types of IT projects.
d. The IT Program/Project Management Lead shall store all pre-approved Compliance Matrices in a records repository accessible by the Agency OCIO.
e. The Service Line Deputy Director or Project Manager shall complete the following:
(1) Obtain written approval for tailoring from the respective requirements owner in OCIO and annotate the approver's name and the date of approval in the justification column of the submitted Compliance Matrix.
(2) Submit requests for tailoring of this NPR in the form of the full Compliance Matrix (Appendix C) or provide justification to use a preapproved Compliance Matrix.
(3) Execute the service line / project in accordance with the approved Compliance Matrix.
(4) Submit a waiver request if a requirement in the approved Compliance Matrix is violated.
f. The KDP DA reviews and dispositions waivers.
g. Tailoring does not apply to IT activities or initiatives.
a. The Service Line Deputy Director or Project Manager shall complete the following tasks while conducting reviews:
(1) Conduct all required reviews as approved by the KDP DA in the Compliance Matrix.
(2) Meet the requirements of all reviews as approved in the Compliance Matrix, even if reviews are combined.
(3) Use OCIO standard templates to ensure that requirements are met consistently during reviews.
(4) Ensure that a response has been made to each Review Item Discrepancy (RID) and Request for Action (RFA) from previous reviews or that a timely closure plan exists for any RIDs or RFAs remaining open.
(5) Create a Decision Memorandum to document results and decisions of all IT service line and IT project reviews including actions. The SE DA approves the SE review decision memos and the KDP DA approves the KDP Review decision memos.
(7) Ensure documents are updated to reflect rebaselines, replans, or other changes prior to each review.
(8) Store required documentation, as documented in the Compliance Matrix, in a records repository accessible by the Agency OCIO prior to each review.
b. The waiving of a review does not alleviate the requirement to provide the configuration items associated with that review.
To ensure IT service lines, projects, initiatives, and activities are aligned to the Agency IT EA and roadmaps, the Service Line Deputy Director or Project Manager shall ensure that all IT service line, project, initiative, and activity teams operate in accordance with NPR 2830.1, NASA Enterprise Architecture Procedures, by providing the documentation listed in the Compliance Matrix (Appendix C).
To ensure IT security across NASA meets confidentiality, integrity, and availability objectives for data and information including disaster recovery and continuity of operations for systems, the Service Line Deputy Director or Project Manager shall ensure that all IT service line, project, initiative, and activity teams operate in accordance with NPD 2810.1, NASA Information Security Policy, and NPR 2810.1, Security of Information and Information Systems, by providing the documentation listed in the Compliance Matrix (Appendix C).
To comply with Federal law and build a history of NASA's decisions for future use, the Service Line Deputy Director or Project Manager shall ensure that all IT service line, project, initiative, and activity teams operate in accordance with NPD 1440.6, NASA Records Management, and NPR 1441.1, NASA Records Management Program Requirements, by providing the documentation listed in the Compliance Matrix (Appendix C).
To maintain the privacy of personal information, the Deputy Service Line Director or Project Manager shall ensure that NASA IT service line, project, initiative, and activity teams operate in accordance with NPR 1382.1, NASA Privacy Procedural Requirements, by providing the documentation listed in the Compliance Matrix (Appendix C).
To comply with 44 U.S.C. § 3501, the Paperwork Reduction Act (PRA) of 1995, the Deputy Service Line Director or Project Manager shall conduct a PRA assessment for NASA IT systems or projects that involve the collection of information from individuals; educational and nonprofit institutions; Federal contractors; state, local, and tribal governments; and businesses in accordance with NAII 2800.1, NASA Advisory Implementing Instructions: NASA Paperwork Reduction Act (PRA) Compliance Program.
The Deputy Service Line Director or Project Manager shall conduct risk analyses throughout all life cycle phases and use the risk assessments to make risk-informed decisions in accordance with NPR 8000.4, Agency Risk Management Procedural Requirements, and NASA OCIO/SP-2018-0001, OCIO Risk Management Plan.
To identify, value, recognize, and report capitalized Property, Plant, and Equipment (PP&E), the Deputy Service Line Director or Project Manager shall identify capital assets and their costs in accordance with NPD 9250.1, Capital Asset Identification and Treatment.
To comply with 29 U.S.C § 794, Section 508 Rehabilitation Act of 1973, and to ensure the needs of users with disabilities are met the Service Line Deputy Director or Project Manager shall ensure that NASA IT service line, project, initiative, and activity teams operate in accordance with NPR 2800.2, Information and Communication Technology Accessibility.
a. An Independent Assessment (IA) is a review of a service line, project, or activity that provides unbiased analysis of schedule, cost, technical risk, and performance.
b. The IA Chair shall conduct the IA for service lines prior to each service line life cycle phase transition and present results at each KDP Review.
c. The IA Chair shall conduct the IA for projects prior to the Implementation Phase and present the results at the KDP-Implementation review.
d. An IA for an activity may occur at any point during O&M at the discretion of the KDP DA for service line KDP reviews.
e. For information on the process of conducting an IA, reference the document NASA/SP-2016-3076, NASA Standing Review Board Handbook.
a. If the KDP DA is considering the termination of a service line or project, then the KDP DA shall conduct a Termination Review. This review can be requested at any point in the life cycle.
b. Circumstances such as the anticipated inability of the service line or project to meet its commitments, an unanticipated change in NASA IT strategic planning, or an unanticipated change in the NASA budget may trigger a Termination Review.
c. The KDP DA may commission an IA prior to the Termination Review.
d. The termination of a Technology Development (TD) can be requested by anyone at any point and is proposed as part of the KDP-TD Transition review.
e. The termination of an initiative is at the discretion of the Service Line Deputy Director and no review is required.
f. The termination of an activity is managed through the service line's change control process.
g. The Service Line Deputy Director or Project Manager shall provide the final Termination Review presentation.
h. The KDP DA shall decide to continue or terminate the service line or project.
IT service lines and projects shall follow the Formal Dissent process in accordance with NPD 1000.0, NASA Governance and Strategic Management Handbook and the IT Governance Handbook.
Management of IT service lines and their components is governed by a series of public regulations and NASA NPRs and NPDs. To assist Program Managers, Project Managers Initiative Leads, and Activity Leads, NASA OCIO/SP-2020-0002, IT Program/Project Management Handbook, provides details on how to implement this NPR.
| TOC | ChangeLog | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | AppenidxE | ALL | |
| | NODIS Library | Program Formulation(7000s) | Search | |
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.