Software Tagging for Government Agencies
Presidential executive order #13103 specifies that all government agencies must have accurate software inventories and must be in compliance with software license contracts.
The consensus audit guidelines (CAG) specify that governmental organizations ensure they can automatically and reliably track every software title installed and used on every system, validate that it's a known and approved title and securely and independently verify the publisher.
How effectively are you managing to comply with these rules, and how many resources does your organization use to do so?
Software Tagging for Inventory Management and License Compliance
Maintaining a complete and accurate software inventory and checking this data against purchasing and licensing records demand automated processes. Without automation, the task is impossible, as unknown numbers of computers in the enterprise change their installed software and configurations each day.
Current discovery and SAM tools try various automated approaches to software identification, but none of these approaches provides fully accurate information, and the results are not independently tested and verified. TagVault.org is working with software publishers and tools developers to address these critical software management needs.
TagVault.org is a non-profit organization formed as a program of IEEE-ISTO. TagVault.org is the registration authority for ISO/IEC 19770-2 software identification tags (SWID tags). SWID tags are the key to automated software asset management. They are small XML files shipped and installed with software products. Discovery tools use the information contained in the tags to definitively identify installed software. Additional tools can then reconcile inventory records against purchasing and licensing data to ensure compliance.
With SWID tags in place, tools that inventory software and report on it can offer intelligence such as determining the United Nations Standard Products and Services Code® (UNSPSC) for each piece of installed software. UNSPCSCs can then be used to group applications by function, simplifying accounting processes and allowing for intelligent analysis to consolidate the software in use across an organization.
Software Tagging for Software Assurance
TagVault.org-certified software identification tags support automated process to comply with CAG controls by allowing publishers to provide accurate application identification details and provide independent and secure verification of the data. There is currently no market solution that supports the automated, independent verification of software publishers and installed software to prove it has not been tampered with between publication and installation. With support for certified software tags, automated tools can identify installed software and validate that it is from the advertised publisher and has not been tampered with.
How TagVault.org Helps
By acting as the registration and certification authority for SWID tags, TagVault.org serves as the foundation for new software assurance and software asset management processes that allow you to comply with presidential executive orders and CAG.
By working with software tools providers, TagVault.org helps ensure that new tools will support the requirements of government agencies and other software consumers.
TagVault.org works with government agencies to help you learn what to specify in RFP documents, and what to negotiate into software contracts to ensure you receive software that will allow software titles and publishers to be accurately and securely identified.
By working with software consumers and SAM practitioners, TagVault.org helps organizations develop processes to meet their requirements efficiently and effectively.
TagVault.org is also compiling a repository of software identification tags for legacy software applications, extending the ability to authoritatively identify software to older applications already in the marekt. TagVault.org also provides a central location which members of the SAM eco-system can share, ensuring that tools and processes evolve to meet the needs of the entire community.
Free Membership For Government Organizations
By joining TagVault.org, you gain access to the information and tools you need to validate your installed software, and automatically gather its inventory for reconciliation with licensing and purchasing records. There is no cost for government organizations to join TagVault.org. Download the membership form now.
Read the press release announcing new government programs.