The US National Institute of Standards and Technology (NIST) is working on an internal report (NIST-IR) that lays out the specific guidelines for how the US Government expects to use the data form SWID tags. This publication includes details on how data will be used from an operational perspective and provides a number of use-cases focused on end-user scenarios. The overarching goal is to ensur that software publishers understand end-user requirements to ensure SWID tags can provide the data required to automate IT Administrative processes that, today, are largely manual processes.
The report is focused on both Cybersecurity and Software Asset Management requirements.
The report can be found on the NIST website at this URL: http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8060.
Be aware that until this NIST-IR is published, the team working on this document would love to receive the public’s feedback on how these requirements meet your operational needs, or if there are requirements or scenarios that are not yet defined and should be added to the document.
To provide feedback, send e-mails to – NISTIR8060firstname.lastname@example.org with the subject, “Comments Draft NISTIR 8060”.