Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NIST Released the final version of NISTIR 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
April 25, 2016

NIST is pleased to announce the release of NIST Interagency Report (NISTIR) 8060Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. This report provides an overview of the capabilities and usage of Software Identification (SWID) tags as part of a comprehensive software life cycle. As defined by the ISO/IEC 19770-2 standard, SWID tags support numerous applications for software asset management (SAM) and information security management. This publication introduces SWID tags in an operational context, provides guidance for the creation of interoperable SWID tags, and highlights key usage scenarios for which SWID tags are applicable. The application of this guidance supports reliable, standardized software inventory and discovery methods that help organizations achieve cybersecurity and SAM objectives. Application of SWID tags also supports automation for accurate and timely SAM reporting and continuous monitoring of IT software assets.

Created December 21, 2016, Updated May 15, 2017