TagVault.org is the certification authority for software identification tags based on the ISO/IEC 19770-2:2009 standard and validates that software publishers are known entities and that the publishers follow a specified set of requirements for providing software identification information. TagVault.org digitally signs specific elements of the software identification tags in a manner that allows third party organizations to independently and authoritatively validate that elements of the certified tag have not been modified. This gives government agencies, and other software users, confidence that the software installed on their computers has not been tampered with and is the correct software for each user’s respective role. This increased security for software installations through accurate and authoritative identification allows government agencies to automate compliance with the consensus audit guidelines (CAG) and the NIST 800-53 controls as they relate to software.
“Certified software identification tags have the ability to dramatically increase the visibility of IT assets government-wide, while increasing security and operational efficiencies, and reducing the costs of government ITAM operations”, said Alan Vander Mallie, Federal ITAM Program Manager of GSA. “The GSA program is looking forward to seeing software tags in use by all software vendors as soon as possible and is looking for federal agencies to share their tagging requirements. In the context of open and transparent Government, an organization such as TagVault.org allows federal agencies to participate directly with industry towards the common goal of increasing the compliancy and security of its assets. Software tagging efforts and the open exchange of tagging requirements support the basic tenets of the GSA IT asset management program (www.gsa.gov/
“Government members of TagVault.org will learn what they can do to ensure the software they purchase can be easily managed, as well as using the information to securely identify known software in their network,” said Steve Klos, executive director of TagVault.org. “TagVault.org is excited to provide this new membership program to government agencies and look forward to the seeing the benefits of certified tags providing benefits to both government and commercial organizations.”
TagVault.org is attending the Government Technology Research Alliance in Pennsylvania in December. The organization has also made the new government membership programs available on its membership forms and will be holding a webinar specifically for Government organizations on December 17th, 2009 at 10 AM Pacific to discuss the benefits of specifying the requirement for certified software identification tags in RFPs and software contracts.
For more information, please go to www.tagvault.org.
# # #
TagVault.org is the certification authority for software identification tags based on the ISO/IEC 19770-2:2009 standard. Formed as a non-profit organization under IEEE-ISTO, TagVault.org provides a library of software tools, technical knowledge and communications forums that decrease the costs of creating, managing and using software identification tags. TagVault.org's certification process ensures tags fully conform to the specification while also ensuring that all terms used in the tag are standardized. Certified software identification tags are digitally signed and time-stamped using a certificate issued by VeriSign—ensuring the accuracy of tag data that any third party can validate. Certified software identification tags lower the cost of software asset management for all SAM eco-system members.
All these benefits make software asset management less costly, less complex and directly support efforts that lower organizational security risk through knowledge and identification.