scope:

This standard applies to software being acquired, developed, maintained, or reused [legacy, modified, commercial off-the-shelf (COTS), non-developmental items (NDI)]. The term software also includes firmware, microcode, and documentation.

Software V&V processes consist of the verification process and validation process. The verification process provides objective evidence whether the software and its associated products and processes

a) Conform to requirements (e.g., for correctness, completeness, consistency, accuracy) for all life cycle activities during each life cycle process (acquisition, supply, development, operation, and maintenance)

b) Satisfy standards, practices, and conventions during life cycle processes

c) Successfully complete each life cycle activity and satisfy all the criteria for initiating succeeding life cycle activities (e.g., building the software correctly)

The validation process provides evidence whether the software and its associated products and processes

1) Satisfy system requirements allocated to software at the end of each life cycle activity

2) Solve the right problem (e.g., correctly model physical laws, implement business rules, use the proper system assumptions)

3) Satisfy intended use and user needs

The verification process and the validation process are interrelated and complementary processes that use each other's process results to establish better completion criteria and analysis, evaluation, review, inspection, assessment, and test V&V tasks for each software life cycle activity. The V&V task criteria described in Table 1 uniquely define the conformance requirements for V&V processes.

The development of a reasonable body of evidence requires a trade-off between the amount of time spent and a finite set of system conditions and assumptions against which to perform the V&V tasks. Each project should define criteria for a reasonable body of evidence (i.e., selecting a software integrity level establishes one of the basic parameters), time schedule, and scope of the V&V analysis and test tasks (i.e., range of system conditions and assumptions).

This standard does not assign the responsibility for performing the V&V tasks to any specific organization. The analysis, evaluation, and test activities may be performed by multiple organizations; however, the methods and purpose will differ for each organization's functional objectives.

ISO/IEC 12207:1995 [B13] or IEEE/EIA 12207.0-1996 [B12] require that the developer perform various testing and evaluation tasks as an integral part of the development process. Even though the tests and evaluations are not part of the V&V processes, the techniques described in this standard may be useful in performing them. Therefore, whenever this standard mentions the developer's performance of a verification or validation activity, it is to be understood that the reference applies to the integral test and evaluation tasks of the development process.

Purpose

 The purpose of this standard is to

- Establish a common framework for V&V processes, activities, and tasks in support of all software life cycle processes, including acquisition, supply, development, operation, and maintenance processes

- Define the V&V tasks, required inputs, and required outputs

- Identify the minimum V&V tasks corresponding to a four-level software integrity scheme

- Define the content of a software V&V plan (SVVP)