14 CFR §417.123

1. (a)A launch operator must document a system safety process that identifies the hazards and assesses the risks to public health and safety and the safety of property related to computing systems and software.
2. (b)A launch operator must identify all safety-critical functions associated with its computing systems and software. Safety-critical computing system and software functions must include the following:
   1. (1)Software used to control or monitor safety-critical systems.
   2. (2)Software that transmits safety-critical data, including time-critical data and data about hazardous conditions.
   3. (3)Software used for fault detection in safety-critical computer hardware or software.
   4. (4)Software that responds to the detection of a safety-critical fault.
   5. (5)Software used in a flight safety system.
   6. (6)Processor-interrupt software associated with previously designated safety-critical computer system functions.
   7. (7)Software that computes safety-critical data.
   8. (8)Software that accesses safety-critical data.
   9. (9)Software used for wind weighting.
3. (c)A launch operator must conduct computing system and software hazard analyses for the integrated system.
4. (d)A launch operator must develop and implement computing system and software validation and verification plans.
5. (e)A launch operator must develop and implement software development plans, including descriptions of the following:
   1. (1)Coding standards used;
   2. (2)Configuration control;
   3. (3)Programmable logic controllers;
   4. (4)Policy on use of any commercial-off-the-shelf software; and
   5. (5)Policy on software reuse.