Guidelines for the Creation of Interoperable Software Identification (SWID) Tags

Waltermire, David; Cheikes, Brant; Feldman, Larry; Witte, Gregory

doi:https://doi.org/10.6028/NIST.IR.8060

NISTIR 8060

Guidelines for the Creation of Interoperable Software Identification (SWID) Tags

Documentation Topics

Date Published: April 2016

Author(s)

David Waltermire (NIST), Brant Cheikes (MITRE), Larry Feldman (G2), Gregory Witte (G2)

Abstract

This report provides an overview of the capabilities and usage of software identification (SWID) tags as part of a comprehensive software lifecycle. As instantiated in the International Organization for Standardization/International Electrotechnical Commission 19770-2 standard, SWID tags support numerous applications for software asset management and information security management. This report introduces SWID tags in an operational context, provides guidelines for the creation of interoperable SWID tags, and highlights key usage scenarios for which SWID tags are applicable.

Keywords

software; software asset management; software identification (SWID); software identification tag

Control Families

Audit and Accountability; Configuration Management; Maintenance; Media Protection; Planning; System and Communications Protection; System and Information Integrity; System and Services Acquisition

Documentation

Publication:
NISTIR 8060 (DOI)
Local Download

Supplemental Material:
Guideline Summary for NISTIR 8060 (xls)
Schema Definition for NISTIR 8060 (other)

Related NIST Publications:
NISTIR 8085 (Draft)
ITL Bulletin

Document History:
04/22/16: NISTIR 8060 (Final)

Topics

Security and Privacy
audit & accountability; planning; security automation

Technologies
software & firmware

Laws and Regulations
Federal Information Security Modernization Act