Suggested Searches

IV&V Capabilities & Services

IV&V provides our mission partners with innovative solutions and capabilities to help solve difficult problems encountered during typical project lifecycles. The program exists as a resource to help mitigate software, system, and security risks on NASA missions. Below are a few examples and highlights of the IV&V capabilities and services we diligently deliver for NASA mission success.

IV&VJSTARMPSSMA

Independent Verification & Validation (IV&V)

The IV&V Office (IVVO) is responsible for providing a systems engineering function that is focused on partnering
with missions to improve reliability and reduce the risk of safety and mission-critical software.

This includes but is not limited to:

  • Applying rigorous and repeatable engineering methodologies for evaluating the correctness and quality of the software product throughout the software life cycle.
  • Collaborating with projects and developers to resolve IV&V identified issues and risks.
  • Providing qualitative assessments and information regarding system and software risk to project and Agency stakeholders throughout the life cycle.
  • Leveraging advanced analysis tools, including a suite of static code analyzers and dynamic analysis capabilities enabled through IV&V’s JSTAR lab.

NPR 7150.2 requirements result in IV&V being applied to NASA’s highest profile missions which:

  • Are human-rated
  • Cost several hundred million dollars
  • Have high priority and complexity

*Projects outside of these requirements can also contact the IV&V Program for potential support.

Go here for more IV&V Overview

Jon McBride Software Testing & Research (JSTAR)

JSTAR Logo

  • Large-scale simulator development, deployment, and support
  • Software-only (aka., Digital Twin) and hardware-in-the-loop test environments
  • Cloud-based infrastructure using server and desktop virtualization
  • Integration of COTS and GOTS software tools to support V&V activities

IV&V’s JSTAR lab has already contributed to an array of successful missions including:

  • Artemis including SLS, EGS, Orion, HLS, and Gateway
  • Science missions such as JWST, GPM, MSR, Roman, Europa, Psyche, Cyber Sim, and various small sats!

Additional JSTAR Information

Mission Protection Services (MPS)

an artistic concept of a spacecraft launching into space from a planet

IV&V Mission Protection Services (MPS) include software security risk assessment, mission and system cybersecurity assessment and threat research, and verification and validation of space and ground software security control implementations. The team collaborates with agency leadership and mission directorate stakeholders to provide a complimentary capability to uncover cyber concerns through engagement in system/software engineering forums that aren’t apparent through cyber deliverables/discussions within mission projects. MPS does not duplicate other agency cyber efforts but instead can provide continued thought leadership in maturing cybersecurity engineering as a discipline.

Analysis and Assessment of Mission:

  • Security Strategy
  • System Development
  • Security Hazards
  • Entry Points, Interfaces, and Communication Pathways
  • Security Architecture and Testing
  • Security Risks
  • Vulnerability Verification and Impact
  • Information Exposure and Threats

Assessment Tests Can Include:

  • Vulnerability Scans / Host Collections
  • Network Threat / Vulnerability Modeling (NTVM)
  • Open Source Intelligence / Social Engineering
  • Operational Technology / Survivability Analysis
  • In-Depth Testing of Mission Critical Assets
  • Security Testing of Custom Software
  • Access Controls & Physical Security Testing
  • Computer Network Defense (CND) Posture & Incident Detection
  • Wireless Network Assessment
  • Packet Capture Analysis (PCAP)

Software Safety & Mission Assurance (SMA)

The IV&V Program provides tailored SMA support services to Centers, programs, and projects such as NASA’s
Commercial Crew Program (CCP) program on request. The Program leverages subject matter expertise and other
resources and capabilities developed and used for IV&V.

One such example is Code Quality Risk Assessment (CQRA) which is a methodology for assessing the risk of
software “structural code” by applying a list of analyst questions based on industry best practices, coding standards, metrics, and the use of coding analysis tools. Approximately 350 code-specific attributes are examined across six (6) primary aspects comprised of 29 sub-focus areas to quantify and generate a software code quality risk score. CQRA provides a “heatmap” identifying systemic risks, concerns, or areas that need an increased level of rigor/second look. We have applied the CQRA capability to the software of the Roman Space Telescope (RST), Europa Clipper (EC), and Regenerative Fuel Cell (RFC) projects that produced risked based value-added results.

IV&V Program SMA services include:

  • Software Safety Hazards Analysis
  • Software Quality Code Analysis
  • Software Reliability and Fault Management Analysis
  • Software Security Assurance
  • Software Verification and Validation Testing Support
  • Risk Identification and Mitigation
  • SA Policy and Requirements Development Support
  • SA Document Development Support
  • Alternate Standards Assessments
  • Assessment or Surveillance of IV&V Plans and Execution
  • Cloud Security Assessments
  • System Assessment and Authorization (A&A) Services