Yet another tool vendor has added support for the ISO SAM Standards. The Sassafras K2 product has added support for 19770-2 (SWID) and 19770-3 (Entitlement) standards. See more about their announcement here – http://www.sassafras.com/k2-iso-19770/.
Posts Categorized: Uncategorized
This document defines guidelines for signing SWID tags in support of the [SWID] standard. The standard states that when digitally signing SWID tags, implementors will follow at a minimum the [XMLDSIG] recommendations, use an enveloped signature, add a timestamp per [W3C-XAdES], and include the public signature for the signing entity. This document details and builds… Read more »
SWID Tag Signing Guidelines (Public Review) SWID Tags are more authoritative if they cannot be modified – that requires that the tag is signed. A TagVault.org working group has specified how SWID tags need to be signed. The working group consisted of members from MITRE, NIST, Microsoft and IBM to ensure that the signing approach… Read more »
Software companies hoping to bid on government contracts in the future must now add a set of standards software ID tags to their software. Piscataway, NJ – 10 November 2016 TagVault.org Board Chair, Michael Godsey of Microsoft notes that, “Seeing ISO/IEC standard 19770-2 listed as a mandatory standard on the DoD IT Standards Registry provides… Read more »
NIST-IR 8060 is final and published! The NIST-IR 8060 document was published on Friday, April 22, 2016. NIST, MITRE and the Dept of Homeland Security have worked together to create a set of guidelines that specify the data requirements for SWID tags from commercial software providers that will enable a number of use cases in… Read more »
The National Institute of Standards and Technology (NIST) is pleased to announce a workshop on Software Identification (SWID) Tag Implementation and Use. This event will be held from 9:00 a.m. to 5:00 p.m. on 26 April and 9:00 a.m. to 3:00 p.m. on 27 April at the National Cybersecurity Center of Excellence (NCCoE), 9700 Great Seneca Highway, Rockville, MD.
The Final Draft of the international standard, ISO/IEC 19770-3 was approved by the International Community in February of 2016. This means that the standard moves to an ISO editorial process to ensure it meets all formatting, editorial and other documentation requirements. The standard will be published soon When published, the front matter of the standard… Read more »
If you’re interested in participating in the SWID tag signing working group, login to your members page and add your name to the working group there. If you need details on how to get to the members area, let Jane, or Steve know and we’ll be happy to provide the information you need. If you… Read more »
The US Department of Homeland Security (DHS) recently joined TagVault.org as a board member. This allows the DHS to be engaged with commercial providers such as Microsoft, IBM and Symantec to determine how TagVault.org can best support the wider software community in its efforts to evangelize SWID tags. The reason the DHS joined the TagVault.org board… Read more »
The US National Institute of Standards and Technology (NIST) is working on an internal report (NIST-IR) that lays out the specific guidelines for how the US Government expects to use the data form SWID tags. This publication includes details on how data will be used from an operational perspective and provides a number of use-cases… Read more »