Courtesy: ISO/IEC 40180:2017 Information technology
Standards development information
This standard was first published in November 2009. A revision of this standard was published in October 2015.
Steve Klos is the editor of 19770-2 and works for 1E, Inc as a SAM Subject Matter Expert.
Non-profit organizational support
In 2009, a non-profit organization called TagVault.org was formed under IEEE-ISTO to press for using SWID tags. TagVault.org acts as a registration and certification authority for ISO/IEC 19770-2 software identification tags (SWID tags) and will provide tools and services allowing all SAM ecosystem members to take advantage of SWID tags faster, with a lower cost and with more industry compatibility than would otherwise be possible. SWID tags can be created by anyone, so individuals and organizations are not required to be part of TagVault.org to create or distribute tags.
Commercial organizational support
Numerous Windows installation packaging tools utilize SWID tags including:
- Caphyon’s Advanced Installer
- Flexera Software’s InstallShield
- Flexera Software’s InstallAnywhere
- Open Source – Windows Installer XML Toolset (WiX)
Many software discovery tools already utilize SWID tags, including Altiris, Aspera SmartCollect, DeskCenter Management Suite, Belarc’s BelManage, Sassafras Software’s K2-KeyServer, Snow Inventory, CA Technologies discovery tools, Eracent’s EnterpriseAM, Flexera Software’s FlexNet Manager Platform, HP’s Universal Discovery, IBM Endpoint Manager, Microsoft’s System Center 2012 R2 Configuration Manager, and Loginventory.
Adobe has released multiple versions of their Creative Suites and Creative Cloud products with SWID tags.
Symantec has also released multiple products that include SWID tags and is committed to helping move the software community to a more consistent and normalized approach to software identification and eventually to a more automated approach to compliance.
Microsoft Corporation has been adding SWID tags to all new releases of software products since Windows 8 was released.
IBM started shipping tags with some software products in early 2014, but as of November, all releases of IBM software include SWID tags. This equates to approximately 300 product releases a month that include SWID tags.
Governmental support
The US federal government has identified 19770-2 SWID tags as an important aspect of the efforts necessary to manage compliance, logistics and security software processes. The 19770-2 standard is included on the US Department of Defense Information Standards Registry (DISR) as an emerging standard as of September 2012. The National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) in 2015 discussed the need for SWIDs in the marketplace.
Standards development organization support
The Trusted Computing Group (TCG) is developing a standard TNC SWID Messages and Attributes for IF-M Specification that utilizes tag data for security purposes.
The National Cybersecurity Center of Excellence (NCCoE) has documented the Software Asset Management Continuous Monitoring building block that specifies how SWID tags are used for the near real-time identification of software.