NIST Looking for Public Comment on SWID Tag Guidelines

NIST has release NIST-IR-8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags for public comment.  The following is the abstract from the document:

This guidance provides an overview of the capabilities and usage of Software Identification (SWID) tags as part of a comprehensive software life cycle. As instantiated in the ISO/IEC 19770-2 standard, SWID tags support numerous applications for software asset management and information security management. This publication introduces SWID tags in an operational context, provides guidance for the creation of interoperable SWID tags, and highlights key usage scenarios for which SWID tags are applicable.

Download the document here – http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8060

The document will go through numerous rounds of public review, and this particular review period closes June 15th, 2015.  I would encourage anyone who’s interested in learning about SWID tags, or knowing more about some of the usage scenarios, to download and read this document – if you find issues, please provide feedback to NIST.

TagVault.org is also working to develop a SWID Tag Interoperability Requirements document that will work in concert with the NIST-IR to make the development of SWID tags easier and more automated for software vendors while providing the data required in the NIST-IR.  TagVault.org member organizations can be involved in the development efforts to create the document which will be publically available and which will form the requirements for any future certification requirements (note certification will be optional and will generally be of interest to large software vendors who automate their software release process).