SWID Tag Lifecycle

This diagram shows a simplified software identification tag lifecycle from creation through installation and eventual uninstall.

Tag Lifecycle

 

 Certified Software Identification Tags in Action

When certified tags are discovered , signed data is validated by the tool. This offers a third party validation that the entity claiming to be the publisher is, in fact, the publisher. This also ensures that the data about discovered software as seen by the IT process  is exactly the same data as provided by the publisher. This is particularly important where this information may be used for security validation. The Federal Government has specified that a critical control for organizations using government managed computers have an inventory of authorized and unauthorized software.  In 2016, the Department of Defense IT Standards Registry listed Software ID Tags, as defined in ISO/IEC Standard 19770-2, as mandatory.

Not only does the TagVault.org certified tag provide inventory information, but it also provides information down to the package footprint level. This provides individual file details for all files associated with a software title. Information at this level allows IT processes to filter out any files associated with a recognized installed application allowing organizations that want a very stringent level of software policy applied to their systems to ensure that:

  • Only known software is installed
  • The known software can be validated
  • Any unknown files can very quickly be identified

Join TagVault.org to get your software tags certified, or to gain access to the TagVault.org repository and tools.