TagVault is moving beyond standards and into practicality

The TagVault API is being designed in concert with various industry partners so that the API can be put to practical, real-world, use securing our systems from 2020 and beyond. The API’s focus is threefold:

  1. Support current and upcoming regulations and standards that call for the identification of hardware and software, along with associated configuration guidance.
  2. Create a trusted repository of organizations certified to establish and maintain software and hardware identifiers along with associated configuration guidance.
  3. Create a trusted repository of certified software and hardware identifiers along with associated configuration guidance.

The API will be released and open to the public through standard API marketplaces.

Built for today and the future

The TagVault API structure is founded on JSON-LD and in keeping with Schema.org and OSCAL structures where appropriate. It maintains a slightly derivative JSON-LD format as some of the guidance from both Schema.org and OSCAL are not sustainable in the real world.

The TagVault API is being built to immediately align all hardware and software identifiers with the United Nations Standard Products and Services Codes, as well as immediately integrate all association configuration guidance with the Unified Compliance Framework’s Common Controls.

Supporting current standards and regulations

The TagVault API structure will initially follow (as closely as practical) the following standards and guidelines:

  • ISO/IEC 19770–1, Information technology — IT asset management — Part 1: IT asset management systems — Requirements, Third Edition, 2017–12
  • ISO/IEC 19770–2, Information technology — Software asset management — Part 2: Software identification tag, Second edition 2015–10–01, Corrected version 2017–02
  • NISTIR 7696, Common Platform Enumeration: Name Matching Specification, 2.3
  • NISTIR 8085 (DRAFT), Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
  • NISTIR 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
  • NISTIR 7695, Common Platform Enumeration: Naming Specification, 2.3
  • NIST Open Security Controls Assessment Language (OSCAL): V. 1.0.0


The documentation for TagVault’s API can be found at http://go.tagvault.org/start