NIST is working on an internal report (NISTIR) focused on the guidelines for the creation of interoperable Software Identification (SWID) Tags. This publication is focused on how SWID tags will be used from an operational perspective and provides a number of use cases focused on end-user scenarios. The overarching goal is to ensure that publishers understand end-user requirements to ensure SWID tags can provide the data required to automate IT Administrative processes that today are largely manual.
The report is focused on both Cybersecurity and Software Asset Management requirements.
The report can be found here – http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8060
NIST is looking for your help! Please review the document and provide your feedback on how these requirements meet your operational needs, or if there are requirements or scenarios that are not yet defined that should be added to the document – let them know!
Comments should be sent to NISTIR8060firstname.lastname@example.org – with the subject “Comments Draft NISTIR 8060”. Comments should be provided by August 7, 2015.