Organisation: KC Ledsyst
Title: Cross reference tables for H ProgSäk (E) and DO-178B
Document id: KC Ledsyst 14910:41371/04
Name: Inga-Lill Bratteby-Ribbing, FMV; Peter Nummert, Lennart Öhman, S&T
Phone: 018-12 02 63; 08-587 623 00
Date: 2005-04-06
Rev: 2.1
Pages: 19
Cross reference tables for H ProgSäk (E) and DO-178B
A comparison has been made between the requirement areas covered by H ProgSäk (E) and DO-178B respectively. Tables of correspondences and differences are presented below.
An exact mapping of requirements from one document onto associated requirements of another document is not possible. Formulation, structuring and refinement of the requirements within a specific area will always differ between the compared documents. The tables presented are therefore only indicative of where matching requirement areas can be found.
Section 1 summarizes the main differences between the compared documents.
Section 2 contains tables for all requirements of H ProgSäk (see footnote 1), each identified by a unique label (cf. "Legend").
Section 3 includes requirements of DO-178B not covered by H ProgSäk (E).
Sections 4 and 5 present the acronyms and references used in this document.
1. Comparisons between H ProgSäk (E) and DO-178B
Both H ProgSäk and DO-178B include guidelines as well as requirements for safety-critical software and describe processes for the development of such software.
DO-178B requires a System Safety Assessment (SSA) process, which is not described in DO-178B or in any of its referenced documents.
[Figure: Software Life Cycle Process - DO-178B. The diagram shows the DO-178B software life cycle: input from the System Life Cycle Process (system requirements allocated to SW, SW level, design constraints, HW definition; HW interfaces and system architecture); the Software Planning Process, producing the plans (SW Development plan, SW Verification plan, SW CM plan, SW QA plan, SW Certification plan), the standards (SW Requirements standard, SW Design standard, SW Code standard) and the SW Development Environment (development environment, compiler, test environment, resources); the SW Development Process with its requirements, design, coding and integration processes (high-level requirements, SW architecture, low-level requirements, source code, object code, executable object code), with iterations, prototyping and previously developed SW; the integral processes (verification process with SW Verification Cases, Procedures and Results; Configuration Management process with SCM Records, SCM Index, SW Life Cycle Environment Configuration Index, traceability, baselines, problem reports and archive; Quality Assurance process with SQA Records; Certification Liaison process); the life cycle data (SW Requirements Data with high-level and derived requirements, Design Description with SW architecture and low-level requirements, Source Code with compiler instructions and linking/loading data, Executable Object Code); and output to the System Life Cycle Process (fault containment boundaries, error sources identified/eliminated, SW requirements and architecture, SW Accomplishment Summary).]
Footnote 1: Basic requirements (i.e. requirements common to safety-critical as well as non-critical software) are found in H ProgSäk, Chap. 5. General safety requirements for software can be found in H ProgSäk, Chapters 2-4.
DO-178B specifies requirements for:
- A Certification Liaison Process aiming towards an airworthiness certificate.
- Project plans for the development project, including plans for development, verification, configuration management (CM) and quality assurance (QA). The planning involves the establishment of standards for requirement specification, design and coding.
- The processes for requirements, design, coding and integration.
- The support processes for verification, configuration management and quality assurance.
- The documentation to be produced within the defined processes.
DO-178B defines Failure Condition Categories and Software Levels. Some guidance on technical solutions and on how to handle COTS and reused software is provided.
DO-178B is not a complete lifecycle standard but a complement focused on safety-critical issues for projects developing software for airborne equipment.
H ProgSäk also requires a system safety process, described and specified in H SystSäk for the parties involved in the procurement of systems for the Swedish Armed Forces (FM), e.g. FM, the Defence Materiel Administration (FMV) and industry.
H SystSäk includes safety requirements for all types of systems, the activities and organisation of the system safety work, methods for safety analyses, and how to specify and refine the requirements on system and component level. H SystSäk also describes how to attain, maintain and verify safety requirements on system level during development, operation and disposal. For the development of safety-critical software, the 1996 edition of H SystSäk (see footnote 2) refers to unspecified sections of the MIL-STD-498 and DOD-STD-2168 standards.
[Figure: the Swedish system safety chain, from society's risk tolerance to the Safety Release:]
- Society: the public tolerance of deaths and injuries, expressed in laws and ordinances.
- FM specifies the tolerable risk level for a new FM system in a TTFO/TTEM.
- FMV produces a system specification including safety requirements.
- Industry applies a system safety methodology on the system under development and compiles the safety effort in a SCA.
- FMV produces a Safety Statement, including recommended Safety Restrictions.
- FM issues a Safety Release/BOA including Safety Restrictions.
H ProgSäk specifies safety requirements for the entire software lifecycle from the conceptual phase to
development, operation, maintenance and retirement of the safety-critical software. The 2001 edition of
H ProgSäk refers to specific parts of the software lifecycle standard IEC 12207 and the software quality standard
ISO 9000-3.
Compared to DO-178B, H ProgSäk covers a larger part of the lifecycle, specifying more detailed requirements
for the lifecycle processes, the software products and their stakeholders. H ProgSäk also contains explanations of
different software safety concepts, discussions on various safety issues, safety analysis techniques suitable for
software as well as overviews and comparisons between safety standards and handbooks of interest to the
defence sector.
Footnote 2: A new version is planned.
2. DO-178B compliance with H ProgSäk (E) requirements
Compliances and differences in relation to the requirement areas covered by H ProgSäk (E).

Legend:

Column "H ProgSäk Id"
- H ProgSäk Id is a unique requirement identity consisting of 3 parts:
  - The 1st part (6.) is a unique number for the handbook H ProgSäk within FMV.
  - The 2nd part is the section number in H ProgSäk where the requirement statement is found.
  - The 3rd part is the letter K followed by the sequence number of the requirement in the section.
- For a H ProgSäk Id associated with a basic requirement (footnote 1), a reference is given to the section in table 5.1 or 5.2 where the basic requirement is listed (e.g. "6.321K1: Cf. 5.2.2.1").
- A single H ProgSäk Id addressing several sections in ISO/IEC 12207 is refined below by appending the section number within quotes (e.g. 6.5121K1 "6.3" in Table 5.1). One table entry per section is provided (see table 5.1 below). A further refinement into subsections is made if needed for the comparison (e.g. 6.5223K1 "6.4.2.1" in Table 5.2).

Column "Critic."
- The criticality categories for which the requirement H ProgSäk Id applies are specified:
  - H(igh), M(edium), L(ow) for software of high, medium or low criticality,
  - B(asic) for a requirement relevant to safety-critical as well as non-critical software.

Column "DO-178B paragr."
- References to matching requirements in DO-178B are provided in the following format:
  a) Specified references are either one or a few direct references to matching sections in DO-178B, or a broader reference to an entire chapter (the latter denoted "Chap.").
  b) A parenthesized reference means that the referred section is in the spirit of the H ProgSäk requirement, but without any obvious match.
  c) "-" denotes that the requirement area is not at all covered by DO-178B (further explanations may then be provided in the "Comments" column).
  d) "+" indicates that matching DO-178B references are listed in the subtable specified in the "Comments" column (may be relevant to a H ProgSäk Id representing a basic requirement).

Column "Comments"
- The column includes remarks concerning
  - the type of partial coverage that the specified DO-178B reference involves (cases a-b above),
  - requirement areas not covered by DO-178B (case c above),
  - the subtable in this document where, for a basic requirement, matching DO-178B sections are listed (case d above), or
  - other explanations or exceptions.

Column "DO-178B Annex A"
- Capital letters A-D in references to DO-178B Annex A refer to DO-178B software levels.
- Letters in reverse background denote software lifecycle data which must be created with independence (from the developing organisation).

A blank in any of the first 3 columns in the tables below is a sign of omission, which should be resolved.
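The legend above fixes a small grammar for the tables: a dot-less section number after "6.", a K sequence number with an optional letter suffix, an optional ISO/IEC 12207 refinement in quotes, an optional "Cf."/"See" pointer to a chapter-5 basic requirement, and the "-", "+" and parenthesised conventions in the DO-178B column, with Annex A letters naming software levels. Anyone who loads these tables into a traceability tool has to parse that grammar and check the row conventions mechanically, including the blank-column omissions the legend warns about. The following Python is an added example written for that purpose; it is not part of the original document nor of any FMV or RTCA tooling. The rule that two-digit section numbers occur only directly under 4.5.2 is an assumption derived from the Ids visible in the tables, and the sample rows are copied from the tables in this document.

```python
"""Parse H ProgSäk (E) requirement Ids and sanity-check rows of the
cross-reference tables against the conventions given in the legend."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# The Id drops the dots of the section number, so "45210" must be split back
# into 4.5.2.10.  Two-digit section numbers appear only directly under 4.5.2
# (4.5.2.10 .. 4.5.2.13).  Assumption: taken from the Ids visible in the tables.
TWO_DIGIT_SUBSECTIONS = {"4.5.2": {"10", "11", "12", "13"}}

# 6.<section digits>K<seq>[<sub>] ["<ISO 12207 section>"] [: Cf./See <chapter-5 section>]
ID_RE = re.compile(
    r'^6\.(?P<section>\d+)K(?P<seq>\d+)(?P<sub>[a-z]?)'
    r'(?:\s*"(?P<iso>[\d.]+)")?'
    r'(?::\s*(?:Cf|See)\.?\s*(?P<basic>[\d.]+))?$'
)
# Annex A objective reference such as "A-7.6 (AB)"; the tables also write "A-4-3".
ANNEX_RE = re.compile(r'^A-(?P<table>\d+)[.-](?P<objective>\d+)\s*\((?P<levels>[A-D]+)\)$')


@dataclass
class ReqId:
    section: str          # dotted H ProgSäk section, e.g. "4.3.2.2.5"
    seq: int              # number after the K
    sub: str              # "a", "b", ... or ""
    iso: Optional[str]    # ISO/IEC 12207 section the Id is refined to
    basic: Optional[str]  # chapter-5 section holding the basic requirement


def split_section(digits: str) -> str:
    """"45210" -> "4.5.2.10", but "52411" -> "5.2.4.1.1" (11 is a section only under 4.5.2)."""
    parts: List[str] = []
    i = 0
    while i < len(digits):
        two = digits[i:i + 2]
        if two in TWO_DIGIT_SUBSECTIONS.get(".".join(parts), set()):
            parts.append(two)
            i += 2
        else:
            parts.append(digits[i])
            i += 1
    return ".".join(parts)


def parse_id(text: str) -> ReqId:
    norm = text.replace("\u201c", '"').replace("\u201d", '"').strip()  # typographic quotes
    m = ID_RE.match(norm)
    if m is None:
        raise ValueError(f"not an H ProgSäk Id: {text!r}")
    return ReqId(split_section(m["section"]), int(m["seq"]), m["sub"], m["iso"], m["basic"])


def annex_levels(ref: str) -> Tuple[int, int, Set[str]]:
    """"A-7.6 (AB)" -> (7, 6, {"A", "B"}): the objective applies at levels A and B only."""
    m = ANNEX_RE.match(ref.strip())
    if m is None:
        raise ValueError(f"not an Annex A reference: {ref!r}")
    return int(m["table"]), int(m["objective"]), set(m["levels"])


def coverage(do178b: str) -> str:
    """Classify the DO-178B column as the legend defines it.  A mixed entry such as
    "(6.4.4.2b), 6.1d, 12.2" counts as direct because it has a direct part."""
    ref = do178b.strip()
    if not ref:
        return "blank"
    if ref == "-":
        return "none"
    if ref == "+":
        return "subtable"
    if ref.startswith("(") and ref.find(")") == len(ref) - 1:
        return "spirit"
    return "direct"


def check_row(id_text: str, critic: str, do178b: str, comments: str) -> Tuple[ReqId, str, List[str]]:
    """Return (parsed Id, coverage class, findings) for one row of a chapter 2-4 table."""
    findings: List[str] = []
    rid = parse_id(id_text)
    letters = set(critic.replace(" ", ""))
    unknown = letters - set("HMLB")
    if unknown:
        findings.append("unknown criticality letters: " + "".join(sorted(unknown)))
    if not critic.strip() or not do178b.strip():
        findings.append("blank in one of the first three columns (omission)")
    cov = coverage(do178b)
    if "B" in letters and rid.basic is None:
        findings.append("B(asic) criticality but no Cf./See reference to a basic requirement")
    if rid.basic is not None:
        if "B" not in letters:
            findings.append("Cf./See reference to a basic requirement but criticality lacks B")
        if not rid.basic.startswith("5."):
            findings.append(f"basic-requirement reference {rid.basic} is outside chapter 5")
    if cov == "subtable" and rid.basic is None and "See " not in comments:
        findings.append("'+' but no subtable is named")
    return rid, cov, findings


# Constructed sample: five rows copied from the tables in this document.
SAMPLE_ROWS = [
    ("6.321K1: Cf. 5.2.2.1", "HML B", "-", "No requirements for the purchaser."),
    ("6.43225K1: See 5.2.3.3", "HML B", "+", "See 5.2.3.3"),
    ("6.4321K2", "HML", "(6.4.1a)", "Does not cover formal methods."),
    ("6.43224K1", "H", "(6.4.4.2b), 6.1d, 12.2", ""),
    ("6.4531K5: See 5.2.5.3.1", "HML B", "", ""),   # blank DO-178B column
]
```

Running `check_row(*row)` over SAMPLE_ROWS flags only the last row (blank DO-178B column), and `annex_levels` lets a project at, say, level C drop every Annex A objective whose letter set lacks C before building its own compliance matrix.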
H ProgSäk E Chapter 2. CLIENT/END-USER (FM)

2.1 Personnel
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.21K1 | HML | - | No requirements for the client.
6.21K2 | HML | -
6.21K3 | HML | -

2.2 Control processes
2.2.1 System safety planning, management and assessment
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.221K1 | HML | - | No requirements for the client.
6.221K2a | HML | -
6.221K2b | HML | -
6.221K2c | HML | -

2.3 The FM Defence Materiel Acquisition Process
No requirements.

2.4 Products
2.4.1 TTFO, TFOTM (TTEM, TEMU)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.241K1 | HML | - | No requirements for the client.
6.241K2 | HML | -
6.241K3 | HML | -
6.241K4 | HML | -
6.241K5 | HML | -
H ProgSäk E Chapter 3. ACQUIRER (FMV)

3.1 Personnel
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.31K1 | HML | - | No requirements for the purchaser.

3.2 Control processes
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
3.2.1 Project planning, management and assessment
6.321K1: Cf. 5.2.2.1 | HML B | - | No requirements for the purchaser.
3.2.2 System safety planning, management and assessment
6.322K1 | HML | - | No requirements for the purchaser.
6.322K2 | HML | -
6.322K3 | HML | -
6.322K4 | HML | -
6.322K5 | HML | -
3.2.3 Quality control
6.323K1: Cf. 5.2.2.2 | HML B | - | No requirements for the purchaser.
3.2.4 Quality assurance
6.324K1: See 5.1.2.1 | HML B | - | No requirements for the purchaser.
6.324K2a | HML | -
6.324K2b | HML | -
6.324K2c | HML | -
6.324K2d | HML | -
6.324K2e | HML | -

3.3 The FMV Defence Materiel Acquisition Process
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
3.3.1 Studies
3.3.2 Procurement
6.332K1: See 5.1.3.1 | HML B | | No requirements for the purchaser.
3.3.3 Operation and Maintenance (Lifecycle Management, LCM)
6.333K1: See 5.1.3.2 | HML B | | No requirements for the purchaser.
3.3.3.1 Modifications of a completed system
6.3331K1 | HML | | No requirements for the purchaser.
6.3331K2 | HML
6.3331K3 | HML
6.3331K4 | HML
3.3.4 Disposal

3.4 Products
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
3.4.1 Statement of Work (SOW)
6.341K1 | HML | - | No requirements for the purchaser.
3.4 Products (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.341K2 | H | -
6.341K3 | HML | -
6.341K4 | HM | -
6.341K5 | H | -
6.341K6 | HML | -
6.341K7 | HML | -
3.4.2 Time Plans (Operational Plans) (TP)
3.4.3 Lifecycle Management Support (LCMS)
6.343K1a | HML | - | No requirements for the purchaser.
6.343K1b | HML | -
6.343K2 | H | -
3.4.4 Technical Specification (TS)
6.344K1 | HML | - | No requirements for the purchaser.
6.344K2 | HML | -
6.344K3 | H | -
6.344K4 | HML | -
6.344K5 | HM | -
6.344K6 | HML | -
H ProgSäk E Chapter 4. SUPPLIER

4.1 Personnel
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.41K1 | HML | - | Requirements for personnel can only be derived from the process requirements.
6.41K2a | HML | -
6.41K2b | HML | -
6.41K3 | H | -
6.41K4 | M | -
6.41K5 | HM | -
6.41K6 | HML | -
6.41K7 | HML | -
6.41K8 | HML | -
6.41K8a | H | -
6.41K8b | M | -
6.41K8c | L | -
6.41K8d | HML | -

4.2 Control processes
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.2.1 Project planning, management and assessment
6.421K1: See 5.2.2.1 | HML B | + | See 5.2.2.1
6.421K2 | HML | | No requirements for staff.
4.2.2 System safety planning, management and assessment
4.2 Control processes (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.422K1 | HML | - | A System Safety Program Plan (SSPP) is assumed to exist on the level above the one addressed by DO-178B.
4.2.3 Quality control
6.423K1: See 5.2.2.2 | HML B |
4.2.4 Quality assurance
6.424K1: See 5.2.2.3 | HML B | + | See 5.2.2.3
6.424K2 | HML | 6.3, 6.4
4.2.5 Configuration management
6.425K1a: See 5.2.2.4 | HML B | 7.1a, + | See 5.2.2.4
6.425K1b: See 5.2.2.4 | HML B | 7.2.9, + | See 5.2.2.4
6.425K1c: See 5.2.2.4 | HML B | 11.0h, + | See 5.2.2.4
4.3 Production processes
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.43K1: See 5.2.3 | HML B | + | See 5.2.3
6.43K2 | H | 1.1 | A SSA process is assumed to exist on the level above the one addressed by DO-178B.
6.43K3 | H
6.43K4 | H
4.3.1 Development model
6.431K1: See 5.2.3.1 | HML B | + | See 5.2.3.1
4.3.2 Development methodology
6.432K1: See 5.2.3.2 | HML B | + | See 5.2.3.2
4.3.2.1 Formal methods
6.4321K1 | HM | 12.3.1
6.4321K2 | HML | (6.4.1a) | Does not cover formal methods.
4.3.2.2 Verifications
4.3.2.2.1 Reviews (manual verification)
6.43221K1 | HML | 6.3
4.3.2.2.2 Static analysis (source code verification)
6.43222K1 | HML | 6.3.4
6.43222K2a | HML | 6.3.4b | | A-5.2 (ABC)
6.43222K2b | HML | 6.3.4d | | A-5.4 (ABC)
6.43222K2c | HML | 6.3.4d | | A-5.4 (ABC)
6.43222K2d | HM | 6.3.4d | | A-5.4 (ABC)
6.43222K2e | H | (6.3.4f) | | A-5.6 (ABC)
6.43222K3 | HML | 11.14
4.3.2.2.3 Behaviour analysis
4.3 Production processes (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.3.2.2.4 Object code analysis
6.43224K1 | H | (6.4.4.2b), 6.1d, 12.2
6.43224K2 | H | 11.14
4.3.2.2.5 Dynamic analysis (verification by test)
6.43225K1: See 5.2.3.3 | HML B | + | See 5.2.3.3
6.43225K2 | HML | 2.1.1 | Safety requirements are handled as high-level requirements allocated to software.
6.43225K3a | HML | 6.4 | Different test levels are not explicitly addressed.
6.43225K3b | HM | 6.4
6.43225K3c | H | 6.4
6.43225K4a | HML
6.43225K4b | HML
6.43225K4c | HML
6.43225K5 | HM | 6.4.4.2a, 6.4.4.3c-d
6.43225K6 | H | 6.4d, 6.4.4.2a, 6.4.4.3a
6.43225K7 | H | | Same as 6.43225K6 in the spirit of DO-178B.
6.43225K8 | HML | 6.4.4.1b, 6.4.4.2a, 6.4.4.3a | DO-178B has no specific requirements for testing of multiple simultaneous error conditions.
6.43225K9 | HML | | No requirement for when testing shall be conducted.
6.43225K10 | HML | 6.4.4.2a, 6.4.4.3a
6.43225K11 | HML | 6.4.2.2
6.43225K12 | HM | 6.4.4.3c-d | Deals with all code which is not used in operational modes.
6.43225K13 | HML | 6.4.4.3d
6.43225K14 | HML | 6.2c, 6.4.1a | The term "final test" does not exist in DO-178B.
6.43225K15 | HML
6.43225K16 | HML
DO-178B Annex A (4.3.2.2.5): A-7.7 (ABC), A-7.6 (AB), A-7.7 (ABC), A-7.6 (AB), A-7.7 (ABC), A-7.6 (AB), A-7.7 (ABC)
4.3.2.2.6 Statistical failure analysis - Failure forecasting
6.43226K1 | H
6.43226K2 | H
4.3.2.2.7 Resource analysis
6.43227K1 | HML
6.43227K2 | HML | 6.3.1c, 6.3.2c
6.43227K3 | HML | 6.4.3a, bullet 2
6.43227K4 | HML | 6.4.3a
4.3.3 Software safety analysis
SSA is not part of DO-178B.
6.433K1 | HML | -
6.433K2 | HML | -
6.433K3 | HML | -
6.433K4 | HML | -
6.433K5 | H | -
6.433K6 | HML | -
6.433K7 | HM | -
6.433K8 | HML | -
DO-178B Annex A (4.3.3): A-4.3 (AB)
4.3 Production processes (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.433K9 | H | -
6.433K10 | HML | -
6.433K11 | HML | -
6.433K12 | HML | -
6.433K13 | HML | -
4.4 Production environment
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.4.1 Support tools
4.4.1.1 Configuration management system
6.4411K1 | HM | Chap. 7 | DO-178B dictates no requirements for tools. Tools are however necessary to fulfill the requirements.
6.4411K2: See 5.2.4.1.1 | HML B | + | See 5.2.4.1.1
4.4.1.2 Failure reporting system
6.4412K1 | HML | 7.2.3 | DO-178B only covers software development and documentation for the continued life cycle. DO-178B dictates no requirements for tools.
6.4412K2: See 5.2.4.1.2 | HML B | + | See 5.2.4.1.2
6.4412K3 | HML | (7.2.3) | However not nearly as detailed as in 6.4412K3.
6.4412K4 | HML | | No requirements for how tools shall work.
4.4.1.3 Requirement management tools
6.4413K1 | H | (6.3.1f, 6.3.2f, 6.3.4e) | DO-178B dictates that requirements shall be traceable. There is however no requirement for any tools.
6.4413K2a | H | (7.1h)
6.4413K2b | H | (7.1h)
4.4.2 Software tools
6.442K1a | HML | 4.4
6.442K1b | H | 12.2
6.442K2 | H | 12.2 | No requirements for independent qualification nor for official standards.
6.442K3 | HML | 4.4.1, 12.2 | Necessary SSA done outside DO-178B.
6.442K4 | HML | (12.2.3.2) | Known bugs can be perceived as an operational limitation.
4.4.2.1 Formal tools
6.4421K1 | HML | 12.2.1a-b
4.4.2.2 Code generators
6.4422K1 | H | (12.2)
6.4422K2 | HM | -
6.4422K3 | H | 12.2
6.4422K4 | HML | 12.2
6.4422K5 | HML | 4.4.2c
6.4422K6 | HML | 4.4.2c
6.4422K7 | HM | (12.2)
6.4422K8 | L | 4.4.2a | DO-178B allows any optimization as long as it is qualified.
4.4 Production environment (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.4422K9 | H
6.4422K10 | H
6.4422K11 | ML | 4.4.2b, 6.4.4.2b | | A-7.7 (ABC)
4.4.2.3 Static and dynamic analysis tools
6.4423K1 | HM | | DO-178B dictates no requirements for the usage of tools.
6.4423K2 | HM
6.4423K3 | HML
4.4.3 Emulated target machine
6.443K1 | HML | 4.4.3 | DO-178B does not dictate any minimum level of similarity between target and emulator.
6.443K2 | HML | (12.2.3) | DO-178B requires qualified tools to be documented.
6.443K3 | HML | - | Not explicitly stated in DO-178B, however understood.
4.5 Products
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.5.1 Standard products - Reused components - Off the shelf items
6.451K1 | H | 12.1.6
6.451K2a | ML | (12.3.5)
6.451K2b | ML
6.451K2c | ML | 12.1.4, 11.3i
6.451K3 | HML | 12.1
6.451K4 | HML
6.451K5 | HML | 2.3.1 | The requirement is true for all software.
6.451K6 | HML | (12.1) | Falls within the tasks possibly necessary to satisfy 12.1, but not nearly this detailed in DO-178B.
6.451K7 | HML
6.451K8 | HML
6.451K9 | HML
6.451K10 | HM
6.451K11 | HM
6.451K12 | HML
6.451K13 | HML
6.451K14a | HML | 12.1, 7.2.4d, 7.2.5b, 11.3h | Regression tests are not mentioned in DO-178B. They are however in practice necessary to achieve a certification if changes are made.
6.451K14b | HML
6.451K14c | HML
6.451K14d | HML
6.451K14e | HML
4.5.2 New software development
4.5.2.1 Specification
6.4521K1: See 5.2.5.2.1 | HML B | + | See 5.2.5.2.1
6.4521K2 | H | 5.1.2h, 5.1.2i, 5.1, 5.5
6.4521K3 | M | 5.1.2h, 5.1.2i, 5.1, 5.5
4.5.2.2 Software architecture / top level design
6.4522K1 | HML | 2.3
4.5 Products (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.5.2.3 Fundamental design principles
6.4523K1 | HML | 4.1e, 4.5c, 5.2.2a | | A-1.5 (ABC)
6.4523K2 | HML | 2.1, 5.2.2c-e, 11.10 | A fraction of this is covered in 11.10l.
6.4523K3 | HML | | Follows automatically from using DO-178B.
4.5.2.4 Safety-oriented design principles
4.5.2.4.1 General principles
6.45241K1 | HML | 4.5c, 6.3.3d-e, 6.3.4c-d
6.45241K2 | HML
6.45241K3 | HML
6.45241K4 | HML
6.45241K5 | HML | 7.2.1, 11.4 | No strict correspondence between DO-178B partitioning and SW configuration items in general.
6.45241K6 | HML | 2.3.1 | In a general sense.
6.45241K7 | HM | (5.1.2a)
6.45241K8 | HM
6.45241K9 | HML | 6.4.4.3c
6.45241K10 | HM | 6.4.4.3c
6.45241K11 | HML | 6.4.4.3d
6.45241K12 | HM | 5.5c, 6.4.4.3d
4.5.2.4.2 Risk reduction
6.45242K1a | HML | 2.1.2 | How to handle risks is part of the SSA and not described in DO-178B.
6.45242K1b | HML
6.45242K1c | HML
6.45242K2 | HM | 2.3.3c
6.45242K3 | HML
6.45242K4 | HML
6.45242K5 | HML | 2.3.1
6.45242K6 | HML | 2.3.1
6.45242K7 | ML | 2.3.3c
6.45242K8 | H | 2.3.3 | No requirement for physical separation.
6.45242K9 | HML | | SSA is not part of DO-178B.
4.5.2.4.3 Resource and time allocations (real-time) - Scheduling algorithms
6.45243K1 | HML | 6.3.2c, 6.3.4f, 6.4.2.2e
6.45243K2 | HML | | No requirement for memory allocation.
4.5.2.4.4 Defensive programming
6.45244K1 | HML | - | DO-178B contains no instructions on defensive programming.
6.45244K2 | HML | -
6.45244K3 | HML | -
6.45244K4 | HML | -
6.45244K5 | HML | -
6.45244K6 | HML | -
6.45244K7 | HML | -
6.45244K8 | HML | -
6.45244K9 | HML | -
6.45244K10 | HML | -
6.45244K11 | HML | -
4.5 Products (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.45244K12 | H | -
4.5.2.4.5 Error handling - Error recovery - Fault tolerance
6.45245K1 | HML | | Must be handled in external system requirements or design standards.
6.45245K2 | HML
6.45245K3 | HML
6.45245K4 | HML
6.45245K5 | HML
6.45245K6 | HM
6.45245K7 | HML
6.45245K8 | HML
6.45245K9 | HML
4.5.2.5 Language and language constructs
6.4525K1 | HML | 12.2
6.4525K2 | HML
6.4525K3 | HML | 11.8
6.4525K4 | HML
6.4525K5 | HML
6.4525K6 | HML
6.4525K7 | HML
6.4525K8 | HML
6.4525K9 | HML
6.4525K10 | HML
6.4525K11 | HML
6.4525K12a | HML
6.4525K12b | HML
6.4525K12c | HML
6.4525K13a | HML
6.4525K13b | HML
6.4525K13c | HML
6.4525K13d | HML
6.4525K13e | HML
4.5.2.6 Language constraints
6.4526K1 | HML | 4.5c, 11.8
6.4526K2 | HML | 11.8a
6.4526K3 | HM
6.4526K4 | HML
4.5.2.7 Coding Instructions
6.4527K1a | HML | 11.8
6.4527K1b | HML | 11.8b, 11.8c
6.4527K1c | HML | 11.8d
6.4527K1d | HML | 11.8e
6.4527K1e | HML | 11.8 | Not explicitly mentioned, but may very well be part of a good coding standard.
6.4527K2 | HML
6.4527K3 | HML | 6.3.4d
4.5.2.8 Interfaces
6.4528K1 | HML
6.4528K2 | HM
6.4528K3 | HML | -
4.5 Products (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.4528K4 | HML
6.4528K5 | HML
6.4528K6 | HML
6.4528K7 | HML
6.4528K8 | HML
6.4528K9 | HML
6.4528K10 | HML
6.4528K11 | HML
6.4528K12 | HML
6.4528K13 | HML
6.4528K14 | HML
6.4528K15 | HM
6.4528K16 | HML
6.4528K17 | HML
6.4528K18 | HML
6.4528K19 | HM
6.4528K20 | HM
6.4528K21 | HML
6.4528K22 | HML
6.4528K23 | HM
6.4528K24 | M
6.4528K25 | H
6.4528K26 | HML
6.4528K27 | HML
4.5.2.9 Detailed design
4.5.2.10 Test software for operation and maintenance
6.45210K1 | HML
6.45210K2 | HML | 6.4.4.3d
6.45210K3 | HML
6.45210K4 | HML
4.5.2.11 Implementation / Code
4.5.2.12 Changes during production
6.45212K1a | HML | 7.2.5b | SSA is not part of DO-178B.
6.45212K1b | HML | 7.2.5
6.45212K1c | HML
6.45212K1d | HML | 7.2.4b
6.45212K1e | HML | 12.1.1, 11.3h | Regression tests are not explicitly mentioned.
6.45212K1f | HML | 12.1.1, 11.3h | Regression tests are not explicitly mentioned.
4.5.2.13 Documentation / Information
6.45213K1: See 5.2.5.2.2 | HML B | + | See 5.2.5.2.2
6.45213K2 | HML | 11.20 | DO-178B defines the "Software Accomplishment Summary" as the primary data item to show compliance with the "Plan for Software Aspects of Certification". Aimed at airworthiness certification of SW-controlled equipment.
6.45213K3 | HM | (Chap. 7) | No strict requirements addressing the level of granularity.
6.45213K4 | L | (Chap. 7)
4.5 Products (continued)
H ProgSäk Id | Critic. | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
4.5.2.13.1 Development
6.452131K1a | HML | 11.9-11.14 | Approximately 11.9, 11.10.
6.452131K1b | HML | 11.9-11.14 | In particular 11.10.
4.5.2.13.2 System Lifecycle Management (LCM)
6.452132K1a | HML
6.452132K1b | HML
6.452132K1c | HML
6.452132K1d | HML
6.452132K1e | HML
6.452132K1f | HML
6.452132K1g | HML
6.452132K1h | HML
4.5.2.13.3 Software maintenance
6.452133K1a | HML
6.452133K1b | HML
4.5.2.13.4 Documentation list
4.5.3 Target computer environment
6.453K1a | HML | 2.3.3
6.453K1b | HML | (2.3.3)
6.453K1c | HML
4.5.3.1 Operating and run-time systems
6.4531K1 | HML
6.4531K2 | HML | 2.4f | 2.4f deals with all COTS (including O/S).
6.4531K3 | HML | 2.4f | 2.4f deals with all COTS (including O/S).
6.4531K4 | HML
6.4531K5: See 5.2.5.3.1 | HML B
6.4531K6a | HML
6.4531K6b | HML
6.4531K6c | HML
4.5.3.2 Hardware equipment
6.4532K1 | HML | -

H ProgSäk E Chapter 5. BASIC REQUIREMENTS

5.1 Acquirer
H ProgSäk Id | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
5.1.1 Personnel (blank section)
5.1.2 Control processes
5.1.2.1 [3.2.4. Quality assurance]
6.5121K1 "6.3" | | No requirements for the purchaser.
6.5121K1 "6.4"
6.5121K1 "6.5"
6.5121K1 "6.6"
6.5121K1 "6.7"
5.1.3 The FMV Defence Materiel Acquisition Process
5.1 Acquirer (continued)
H ProgSäk Id | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
5.1.3.1 [3.3.2. Procurement]
6.5131K1 | | No requirements for the purchaser.
5.1.3.2 [3.3.3. Operation and Maintenance (Lifecycle Management, LCM)]
6.5132K1 | | No requirements for the operational phase.
6.5132K2 | -

5.2 Supplier
H ProgSäk Id | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
5.2.1 Personnel (blank section)
5.2.2 Control processes
5.2.2.1 [4.2.1. Project planning, management and assessment]
6.5221K1 "7.1" | Chap. 4 | DO-178B does not cover project management tasks such as time schedules, resource allocation, responsibilities, costs or progress reports. | A-1.1 (ABCD), A-1.2 (ABC), A-1.3 (ABC), A-1.4 (ABCD), A-1.5 (ABC), A-1.7 (ABC)
6.5221K2a | | Resource and time estimates are not covered by DO-178B.
6.5221K2b | Chap. 4
6.5221K2c | Chap. 4 | 4.4.1 Environment, 4.4.2 Language and compilers. See also 12.2 Tool Qualification.
6.5221K2d | Chap. 4
6.5221K2e | | DO-178B does not explicitly cover stepwise development.
6.5221K2f | | Covered to some extent in the additional considerations, 12.1.
6.5221K2g | | DO-178B does not explicitly handle how to introduce corrections with respect to regression tests.
5.2.2.2 [4.2.3. Quality control]
6.5222K1 | | DO-178B does not cover any general QA system.
6.5222K2
5.2.2.3 [4.2.4. Quality assurance]
6.5223K1 "6.3" | Chap. 8 | The DO-178B SQA process dictates no requirements for the commercial contracts, staff knowledge/training or any general organisational QA system (e.g. ISO 9001). | A-9.1 (ABCD), A-9.2 (AB), A-9.3 (ABCD)
6.5223K1 "6.4.2.1" | | (Contract verification)
6.5223K1 "6.4.2.2" | 4.6 | (Process verification) | A-1.6 (ABC), A-1.7 (ABC)
6.5223K1 "6.4.2.3" | 6.3.1, 6.3.2 | (Requirements verification) | A-3.1 (ABCD), A-3.2 (ABCD), A-3.3 (AB), A-3.4 (ABC), A-3.5 (ABC), A-3.6 (ABCD), A-3.7 (ABC)
6.5223K1 "6.4.2.4" | 6.3.3 | (Design verification) | A-4.1 (ABC), A-4.2 (ABC), A-4.3 (AB), A-4.4 (AB), A-4.5 (ABC), A-4.6 (ABC), A-4.7 (ABC), A-4.8 (ABC), A-4.9 (ABC), A-4.10 (AB), A-4.11 (AB), A-4.12 (ABC), A-4.13 (ABCD)
6.5223K1 "6.4.2.5" | 6.3.4 | (Code verification) | A-5.1 (ABC), A-5.2 (ABC), A-5.3 (AB), A-5.4 (ABC), A-5.5 (ABC), A-5.6 (ABC), A-5.7 (ABC)
6.5223K1 "6.4.2.6" | 6.3.5 | (Integration verification)
6.5223K1 "6.4.2.7" | Chap. 11 | (Documentation verification)
6.5223K1 "6.5" | - | 9.0 Certification Liaison Process covers the aspects of presenting records to authorities for certification.
6.5223K1 "6.6"
6.5223K1 "6.7" | 8.2d, 8.3
5.2.2.4 [4.2.5. Configuration management]
6.5224K1 "6.2" | Chap. 7 | | A-8.1 (ABCD), A-8.2 (ABCD), A-8.3 (ABCD), A-8.4 (ABCD), A-8.5 (ABCD), A-8.6 (ABCD)
6.5224K2 | 7.1b
5.2.3 [4.3. Production process]
6.523K1 "5.3" | Chap. 3 | The IEC 12207 Development Process is in general covered by the DO-178B life-cycle processes. | A-2.1 (ABCD), A-2.2 (ABCD), A-2.3 (ABCD), A-2.4 (ABCD), A-2.5 (ABCD), A-2.6 (ABCD), A-2.7 (ABCD)
5.2.3.1 [4.3.1. Development model]
6.5231K1 | Chap. 5 | DO-178B does not specify a development process in detail.
6.5231K2 | Chap. 5, 3.3
5.2.3.2 [4.3.2. Development methodology]
6.5232K1 | Chap. 5, 4.5 | DO-178B does not specify any methodology. 4.5 does however call for specifying the standards to be used. | A-1.5 (ABC) (footnote 3: see also 6.5221K2c)
5.2.3.3 Verifications [4.3.2.2.5. Dynamic analysis (verification by test)]
6.5233K1 | 6.4.4.1 | | A-7.3 (ABCD), A-7.4 (ABC)
5.2 Supplier (continued)
H ProgSäk Id | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.5233K2 | 4.3 (bullet 3), 11.3 | No requirements for during which phases.
6.5233K3 | 7.2.4d, 11.3h
6.5233K4 | 6.4 | DO-178B specifies the test levels HW/SW integration, SW integration and low-level (object code). In DO-178B all tests must be formal (as opposed to ad hoc).
6.5233K5
6.5233K6 | 11.3c | DO-178B does not cover the precise activities.
6.5233K7 | 6.4 | DO-178B does not cover the precise activities.
6.5233K8 | 6.4d
6.5233K9 | 6.4.4.2a
6.5233K10
6.5233K11
6.5233K12a | 6.4.2.1a, 6.4.2.2a
6.5233K12b | 6.4.2.1a
6.5233K13a | 6.4.2.2c
6.5233K13b | (6.4b)
6.5233K13c | 6.4.2.2 | If a feature is requirement-specified functionality, it will be covered by the requirement-based testing.
6.5233K13d | 6.4.2.2 | If performance is considered a requirement, it will be covered by the requirement-based testing.
6.5233K13e | 6.4.2 | DO-178B does not explicitly cover recovery.
6.5233K13f
6.5233K13g
6.5233K14 | 6.2
DO-178B Annex A (5.2.3.3, rows 6.5233K2-K14): A-7.5 (A), A-7.6 (AB), A-7.7 (ABC), A-7.8 (ABC)
5.2.4 Production environment
5.2.4.1 Support tools
5.2.4.1.1 [4.4.1.1. Configuration management system]
6.52411K1 | Chap. 7 | DO-178B dictates no requirements for tools. Tools are however necessary to fulfill the requirements.
5.2.4.1.2 [4.4.1.2. Failure reporting system]
6.52412K1 | | DO-178B dictates no requirements for a Problem Resolution Process. 7.2.3 and 7.2.4 stipulate that the CM process shall provide control over such tasks.
6.52412K2 | 7.2.3, 11.17
6.52412K3 | | DO-178B does not dictate any requirements for organisation, staff or roles.
6.52412K4
6.52412K5
5.2.5 Products
5.2.5.1 Standard product (blank section)
5.2.5.2 New software development
5.2.5.2.1 [4.5.2.1. Specification]
6.52521K1 | 5.1.2 | | A-1.1 (ABCD) (footnote 4: see also 6.5221K2b)
6.52521K2 | 5.1.2h, 5.5 | DO-178B dictates no explicit traceability requirements for defect reports. | A-8.3 (ABCD)
5.2 Supplier (continued)
H ProgSäk Id | DO-178B paragr. | Comments on DO-178B | DO-178B Annex A
6.52521K3 | 5.1.2e
5.2.5.2.2 [4.5.2.13. Documentation / Information]
6.52522K1 | | DO-178B only dictates the content and purpose of documents (life-cycle data), not how to produce and maintain them.
6.52522K2 | 11.0 | DO-178B does not explicitly dictate that documentation must be correct and current. It will however not pass verification unless it is.
6.52522K3 | (11.10d)
5.2.5.3 Target computer environment
5.2.5.3.1 [4.5.3.1. Operating and run-time system]
6.52531K1a | -
6.52531K1b | -
6.52531K1c | -
6.52531K1d | -
6.52531K1e | -
6.52531K1f | -
3. Features in DO-178B not covered by H ProgSäk
A summary of areas or requirements covered by DO-178B but not by H ProgSäk.

H ProgSäk divergence from DO-178B
DO-178B requirement section | DO-178B requirement number | Comments on H ProgSäk sections
2.4 System Considerations for User-Modifiable Software | 2.4a-d | Modified COTS addressed in 4.5.1
2.5 System Design Considerations for Field-Loadable Software | 2.5
9.0 Certification Liaison Process | 9.0
10.0 Overview of Aircraft and Engine Certification | 10.0
12.3.2 Exhaustive Input Testing | 12.3.2
12.3.5 Product Service History | 12.3.5
4. Acronyms
BOA/SR: Beslut om Användning / Safety Release (decision on system usage issued by FM)
CM: Configuration Management
COTS: Commercial Off The Shelf
FM: Försvarsmakten (the Swedish Armed Forces)
FMV: Försvarets Materielverk (the Swedish Defence Materiel Administration)
QA: Quality Assurance
Software Level: Criticality category defined in DO-178B
SS: Safety Statement (a formal safety approval by FMV submitted to FM)
SSA: System Safety Assessment. DO-178B assumes a SSA process (System Life Cycle process) generating input to the Software Life Cycle processes.
TTEM/TTFO: Taktisk Teknisk Ekonomisk Målsättning / Tactical Technical Financial Objective; the Swedish Armed Forces' requirements for defence materiel purchasing
5. References
[1] Försvarsmaktens handbok för programvara i säkerhetskritiska tillämpningar (the Swedish Armed Forces' handbook for software in safety-critical applications), M7762-000531, H ProgSäk 2001 (see footnote 5).
[2] Handbook for Software in Safety-Critical Applications, M7762-000621-7, H ProgSäk E (English version) (see footnote 6).
[3] Försvarsmaktens handbok för Systemsäkerhet (the Swedish Armed Forces' handbook for system safety), M7740-784851, H SystSäk 1996.
[4] System Safety Manual, M7740-784861, H SystSäk E 1996 (see footnote 6).
[5] Information technology - Software life cycle processes, ISO/IEC 12207, 1995.
[6] Software Considerations in Airborne Systems and Equipment Certification, RTCA DO-178B, Dec. 1, 1992.
Footnote 5: See http://www.fmv.se under "Publikationer: Handböcker: H ProgSäk 2001".
Footnote 6: A translation from Swedish of the preceding reference (for H ProgSäk E, see the web site listed in footnote 5 under "Engelsk version").