NISTIR 8060
Guidelines for the Creation of
Interoperable Software Identification
(SWID) Tags
David Waltermire
Brant A. Cheikes
Larry Feldman
Greg Witte
This publication is available free of charge from:
http://dx.doi.org/10.6028/NIST.IR.8060
David Waltermire
Computer Security Division
Information Technology Laboratory
Brant A. Cheikes
The MITRE Corporation
Bedford, Massachusetts
Larry Feldman
Greg Witte
G2, Inc.
Annapolis Junction, Maryland
April 2016
U.S. Department of Commerce
Penny Pritzker, Secretary
National Institute of Standards and Technology
Willie May, Under Secretary of Commerce for Standards and Technology and Director
National Institute of Standards and Technology Internal Report 8060
86 pages (April 2016)
Certain commercial entities, equipment, or materials may be identified in this document in order to describe an
experimental procedure or concept adequately. Such identification is not intended to imply recommendation or
endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best
available for the purpose.
There may be references in this publication to other publications currently under development by NIST in
accordance with its assigned statutory responsibilities. The information in this publication, including concepts and
methodologies, may be used by federal agencies even before the completion of such companion publications. Thus,
until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain
operative. For planning and transition purposes, federal agencies may wish to closely follow the development of
these new publications by NIST.
Organizations are encouraged to review all draft publications during public comment periods and provide feedback
to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at
http://csrc.nist.gov/publications.
Comments on this publication may be submitted to:
National Institute of Standards and Technology
Attn: Computer Security Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930
Email: nistir8060-comments@nist.gov
All comments are subject to release under the Freedom of Information Act (FOIA).
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for
the cost-effective security and privacy of other than national security-related information in
federal information systems.
Abstract
This report provides an overview of the capabilities and usage of software identification (SWID)
tags as part of a comprehensive software lifecycle. As instantiated in the International
Organization for Standardization/International Electrotechnical Commission 19770-2 standard,
SWID tags support numerous applications for software asset management and information security management. This report introduces SWID tags in an operational context, provides
guidelines for the creation of interoperable SWID tags, and highlights key usage scenarios for
which SWID tags are applicable.