Software Identification (SWID) Tagging SWID

SWID Tag Utilities and Schema

Additional resources are available for the following SWID Tag specification revisions:

• ISO/IEC 19770-2:2015 Revision

ISO/IEC 19770-2:2015 Resources

SWID Tag Validation Tool

NIST has developed a SWID Tag validation tool that can be used to verify that a produced SWID has properly implemented the requirements defined in NISTIR 8060. This tool can validate different types of SWID Tags that are used in different stages of the software lifecycle:

SWID Tags that pass this validation tool provide support for license management as well as multiple cybersecurity use cases including:

• Detecting unauthorized changes to software installation media (corpus tags),
• Preventing the installation of unauthorized or corrupted software (corpus tags),
• Detecting unauthorized changes to installed software (primary tags and patch tags), and
• Identifying vulnerable software that needs to be updated or patched (primary tags and patch tags).

The SWID Tag Validation (SWIDVal) Tool Version 0.7.0 (Posted January 2022) is available in (ZIP) and (TAR/BZ2) archive releases.

XML Schema Files

What is a schema?

• ISO/IEC 19770-2:2015 Schema (XSD 1.0) - September 2015 - xsd:import statements use absolute URLs
• SWID Tag Extensions from NISTIR 8060 (XSD 1.0) - April 2016 - xsd:import statements use relative URLs