Hooepage Cybersecuritv Cyberpace Menschen
Nachrichtendienste kybernetische Waffen Bildung
Fachberichte BSI / Deutschland NIST / USA NIST / DRAFTNIST - WeissbuchJuornal - ArtikelSP 800... NIST
Original

Deutsch

July 22, 2015

NIST IR 8060

DRAFT (Second Draft) Guidelines for the Creation of Interoperable Software Identification (SWID) Tags

NIST is pleased to announce the second public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags.
 
This report provides an overview of the capabilities and usage of Software Identification (SWID) tags as part of a comprehensive software life cycle. As defined by the ISO/IEC 19770-2 standard, SWID tags support numerous applications for software asset management (SAM) and information security management. This publication introduces SWID tags in an operational context, provides guidance for the creation of interoperable SWID tags, and highlights key usage scenarios for which SWID tags are applicable. The application of this guidance supports reliable, standardized software inventory and discovery methods that help organizations achieve cybersecurity and SAM objectives. Application of SWID tags also supports automation for accurate and timely SAM reporting.
 
For this draft iteration, review should be focused on the overall document, especially the requirements defined in sections 3 and 4. Specific attention should be given to any inline questions in the report. These questions represent areas where feedback is needed to complete this report.
 
Please send comments to NISTIR8060-comments@nist.gov with “Comments Draft NISTIR 8060” in the subject line. Comments will be accepted through August 7, 2015.

Second Public Draft NISTIR 8060 (600 KB)




Abstract

This report provides an overview of the capabilities and usage of software identification (SWID)
tags as part of a comprehensive software lifecycle. As instantiated in the International
Organization for Standardization (ISO)/International Electrotechnical Commission (ISO/IEC)
19770-2 standard, SWID tags support numerous applications for software asset management and
information security management. This report introduces SWID tags in an operational context,
provides guidelines for the creation of interoperable SWID tags, and highlights key usage
scenarios for which SWID tags are applicable.