ISO/IEC 40180:2017 Information technology

Courtesy: ISO/IEC 40180:2017 Information technology

The National Institute of Standards and Technology (NIST) is in the process of creating documentation that specifies how SWID tags will be used by governmental organizations including the Department of Homeland Security. David Waltermire presented information describing the NIST Security Automation Program and how SWID tags can support that effort.

The National Institute of Standards and Technology (NIST) published “Guidelines for the Creation of Interoperable Software Identification (SWID) Tags“, NISTIR 8060, April 2016.

This part of ISO/IEC 19770 provides a technical definition of an XML schema that can encapsulate the details of software entitlements, including usage rights, limitations and metrics.

The primary intentions of 19770-3 are:

  1. To provide a basis for common terminology to be used when describing entitlement rights, limitations and metrics
  2. To provide a schema which allows effective description of rights, limitations and metrics attaching to a software license.

The specific information provided by an entitlement schema (ENT) may be used to help ensure compliance with license rights and limits, to optimize license usage and to control costs. Though ENT creators are encouraged to provide the data that allow for the automatic processing, it is not mandated that data be automatically measurable. The data structure is intended to be capable of containing any kind of terms and conditions included in a software license agreement.

This part of ISO/IEC 19770 supports ITAM processes as defined in ISO/IEC 19770-1 It is also designed to work together with software identification tags as defined in ISO/IEC 19770-2. Standardization in the field of software entitlements provides uniform, measurable data for both the license compliance, and license optimization, processes of SAM practice.

This part of ISO/IEC 19770 does not provide requirements or recommendations for processes related to software asset management or ENTs. The software asset management processes are in the scope of ISO/IEC 19770-1.

Standards development information

The ISO/IEC 19770-3 Other Working Group (“OWG”) was convened by teleconference call on 9 September 2008.

John Tomeny of Sassafras Software Inc served as the convener and lead author of the ISO/IEC 19770-3 “Other Working Group” (later renamed the ISO/IEC 19770-3 Development Group). Mr Tomeny was appointed by Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21) together with Krzysztof Bączkiewicz of Eracent who served as Project Editor concurrent with Mr. Tomeny’s leadership. In addition to WG21 members, other participants in the 19770-3 Development Group served as “individuals considered to have relevant expertise by the Convener”.

Jason Keogh of 1E and part of the delegation from Ireland is the current editor of 19770-3.

ISO/IEC 19770-3 was  on April 15, 2016.