Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Software Identification (SWID) Tagging

SWID Tag Utilities and Schema

Additional resources are available for the following SWID Tag specification revisions:

ISO/IEC 19770-2:2015 Resources

SWID Tag Validation Tool

NIST has developed a SWID Tag validation tool that can be used to verify that a produced SWID has properly implemented the requirements defined in NISTIR 8060. This tool can validate different types of SWID Tags that are used in different stages of the software lifecycle:

SWID Tags that pass this validation tool provide support for license management as well as multiple cybersecurity use cases including:

  • Detecting unauthorized changes to software installation media (corpus tags),
  • Preventing the installation of unauthorized or corrupted software (corpus tags),
  • Detecting unauthorized changes to installed software (primary tags and patch tags), and
  • Identifying vulnerable software that needs to be updated or patched (primary tags and patch tags).

The SWID Tag Validation (SWIDVal) Tool Version 0.5.0 (Posted July 2017) is available in (ZIP) and (TAR/BZ2) archive releases.

XML Schema Files

What is a schema?

 

Created February 05, 2018, Updated June 20, 2018