Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Software Identification (SWID) Tagging SWID

SWID Tag Utilities and Schema

Additional resources are available for the following SWID Tag specification revisions:

ISO/IEC 19770-2:2015 Resources

SWID Tag Validation Tool

NIST has developed a SWID Tag validation tool that can be used to verify that a produced SWID has properly implemented the requirements defined in NISTIR 8060. This tool can validate different types of SWID Tags that are used in different stages of the software lifecycle:

SWID Tags that pass this validation tool provide support for license management as well as multiple cybersecurity use cases including:

  • Detecting unauthorized changes to software installation media (corpus tags),
  • Preventing the installation of unauthorized or corrupted software (corpus tags),
  • Detecting unauthorized changes to installed software (primary tags and patch tags), and
  • Identifying vulnerable software that needs to be updated or patched (primary tags and patch tags).

The SWID Tag Validation (SWIDVal) Tool Version 0.7.0 (Posted January 2022) is available in (ZIP) and (TAR/BZ2) archive releases.

XML Schema Files

What is a schema?


Created February 05, 2018, Updated April 24, 2024