July 22, 2015
NIST IR 8060
DRAFT (Second Draft) Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NIST is pleased to announce the second public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. This report provides an overview of the capabilities and usage of Software Identification (SWID) tags as part of a comprehensive software life cycle. As defined by the ISO/IEC 19770-2 standard, SWID tags support numerous applications for software asset management (SAM) and information security management. This publication introduces SWID tags in an operational context, provides guidance for the creation of interoperable SWID tags, and highlights key usage scenarios for which SWID tags are applicable. The application of this guidance supports reliable, standardized software inventory and discovery methods that help organizations achieve cybersecurity and SAM objectives. Application of SWID tags also supports automation for accurate and timely SAM reporting.

For this draft iteration, review should be focused on the overall document, especially the requirements defined in sections 3 and 4. Specific attention should be given to any inline questions in the report. These questions represent areas where feedback is needed to complete this report.

Please send comments to NISTIR8060-comments@nist.gov with “Comments Draft NISTIR 8060” in the subject line. Comments will be accepted through August 7, 2015.

Abstract

This report provides an overview of the capabilities and usage of software identification (SWID) tags as part of a comprehensive software lifecycle. As instantiated in the International Organization for Standardization (ISO)/International Electrotechnical Commission (ISO/IEC) 19770-2 standard, SWID tags support numerous applications for software asset management and information security management. This report introduces SWID tags in an operational context, provides guidelines for the creation of interoperable SWID tags, and highlights key usage scenarios for which SWID tags are applicable.