Require the developer of the system, system component, or system service to employ tools for comparing newly generated versions of security-relevant hardware descriptions, source code, and object code with previous versions.
Trusted generation of configuration baselines is a cornerstone of developer configuration management for spacecraft software. In practice, this means building the flight or payload software images in a controlled environment, often called a “trusted build pipeline”, that enforces signed commits, cryptographic hashing, and rigorous code access controls. Because each artifact is generated under verified conditions, the team can produce a “golden image” that serves as the authoritative reference for on-orbit updates, and any deviation from this known-good baseline is flagged during code-signing or integration checks. For mission-critical deployments, additional measures such as ephemeral build environments and hardware-enforced module separation can thwart sophisticated supply chain attacks that aim to backdoor the platform. The result is a verifiable chain of custody from development to launch, giving ground operators and authorizing officials confidence in the integrity of spaceborne executables.
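The comparison against a golden baseline described above can be sketched as follows. This is an added example, not code from the original page or from any named project; the file names, the `approved` change list and the helper names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def compare_manifests(baseline: dict[str, str], candidate: dict[str, str]) -> dict[str, list[str]]:
    """List paths added to, removed from, or changed relative to the baseline."""
    common = baseline.keys() & candidate.keys()
    return {
        "added": sorted(candidate.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - candidate.keys()),
        "changed": sorted(p for p in common if baseline[p] != candidate[p]),
    }

def is_clean(diff: dict[str, list[str]], approved: set[str]) -> bool:
    """Pass only when every differing path is on the approved change list."""
    # Assumption: 'approved' comes from the change-control record for this release.
    touched = {p for paths in diff.values() for p in paths}
    return touched <= set(approved)

def write_tree(root: Path, files: dict[str, bytes]) -> Path:
    # Helper that materialises a constructed sample build on disk.
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root

if __name__ == "__main__":
    # Constructed sample builds; names and contents are illustrative only.
    with tempfile.TemporaryDirectory() as tmp:
        golden = write_tree(Path(tmp) / "golden", {
            "fsw/adcs.bin": b"adcs v1", "fsw/cdh.bin": b"cdh v1", "hdl/fpga.vhd": b"entity top"})
        new = write_tree(Path(tmp) / "candidate", {
            "fsw/adcs.bin": b"adcs v2", "fsw/cdh.bin": b"cdh v1", "fsw/extra.bin": b"??"})
        diff = compare_manifests(build_manifest(golden), build_manifest(new))
        print(diff, "PASS" if is_clean(diff, {"fsw/adcs.bin"}) else "FAIL: unapproved differences")
```

In a real pipeline the baseline manifest would itself be signed and stored with the golden image, so that the reference used for comparison cannot be altered together with the artifacts.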
The [organization] shall retain at least two previous versions of all spacecraft-associated software on the ground, with the capability to restore a previous version on the spacecraft.{CM-2(3),CM-3(7),CM-4(2),SA-10,SA-10(4)}
The [organization] shall maintain the integrity of the mapping between the master build data (hardware drawings and software/firmware code) describing the current version of hardware, software, and firmware and the on-site master copy of the data for the current version.{CM-6,SA-8(21),SA-8(30),SA-10,SA-10(3),SA-10(4),SA-10(5),SI-7(10),SR-4(4)}