Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Second Draft NISTIR 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
July 22, 2015

NIST is pleased to announce the second public comment release of NIST Internal Report (NISTIR) 8060Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
 
This report provides an overview of the capabilities and usage of Software Identification (SWID) tags as part of a comprehensive software life cycle. As defined by the ISO/IEC 19770-2 standard, SWID tags support numerous applications for software asset management (SAM) and information security management. This publication introduces SWID tags in an operational context, provides guidance for the creation of interoperable SWID tags, and highlights key usage scenarios for which SWID tags are applicable. The application of this guidance supports reliable, standardized software inventory and discovery methods that help organizations achieve cybersecurity and SAM objectives. Application of SWID tags also supports automation for accurate and timely SAM reporting. 
 
For this draft iteration, review should be focused on the overall document, especially the requirements defined in sections 3 and 4. Specific attention should be given to any inline questions in the report. These questions represent areas where feedback is needed to complete this report. 
 
Please send comments to NISTIR8060-comments@nist.gov with “Comments Draft NISTIR 8060” in the subject line. The comment period closed August 7, 2015.

Created December 21, 2016, Updated August 17, 2017