The developer shall perform software configuration management in accordance with the following requirements.
Note: If a system or CSCI is developed in multiple builds, the software products of each build may be refinements of, or additions to, software products of previous builds. Software configuration management in each build should be understood to take place in the context of the software products and controls in place at the start of the build.
The developer shall participate in selecting CSCIs, as performed under system architectural design in 5.4.2, shall identify the entities to be placed under configuration control, and shall assign a project-unique identifier to each CSCI and each additional entity to be placed under configuration control. These entities shall include the software products to be developed or used under the contract and the elements of the software development environment. The identification scheme shall be at the level at which entities will actually be controlled, for example, computer files, electronic media, documents, software units, configuration items. The identification scheme shall include the version/ revision/release status of each entity.
The developer shall establish and implement procedures designating the levels of control each identified entity must pass through (for example, author control, project-level control, acquirer control); the persons or groups with authority to authorize changes and to make changes at each level (for example, the programmer/analyst, the software lead, the project manager, the acquirer); and the steps to be followed to request authorization for changes, process change requests, track changes, distribute changes, and maintain past versions. Changes that affect an entity already under acquirer control shall be proposed to the acquirer in accordance with contractually established forms and procedures, if any.
Note: A number of requirements in this standard refer to "project-level or higher configuration control." If "project-level" is not a level of control selected for the project, the software development plan should state how these requirements map to the selected levels.
The developer shall prepare and maintain records of the configuration status of all entities that have been placed under project-level or higher configuration control. These records shall be maintained for the life of the contract. They shall include, as applicable, the current version/revision/release of each entity, a record of changes to the entity since being placed under project-level or higher configuration control, and the status of problem/change reports affecting the entity.
The developer shall support acquirer-conducted configuration audits as specified in the contract.
Note: These configuration audits may be called Functional Configuration Audits and Physical Configuration Audits.
The developer shall establish and implement procedures for the packaging, storage, handling, and delivery of deliverable software products. The developer shall maintain master copies of delivered software products for the duration of the contract.
Translator: Simon Wright simon@pogner.demon.co.uk
Last updated: 22.iii.99