Revision as of 20:52, 2 February 2015
ISO/IEC 19770 is an international standard about IT asset management (ITAM). Its day-to-day management comes under ISO/IEC/SC7/WG21, or Working Group 21 (WG21). WG21 is responsible for developing and improving these standards and for ensuring that they meet market needs. The major parts of this ITAM standard are detailed below.
- ISO/IEC 19770-1 is a process framework to enable an organization to prove that it is performing ITAM to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall.
- ISO/IEC 19770-2 provides an ITAM data standard for software identification tags ("SWID").
- ISO/IEC 19770-3 will provide an ITAM data standard for software licensing entitlement tags.
- ISO/IEC 19770-5 provides the overview and vocabulary.
ISO/IEC 19770-1: Processes
ISO/IEC 19770-1 is a framework of Information Technology Asset Management (ITAM) processes to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. ISO/IEC 19770-1 is aligned to Service Management (ISO/IEC 20000-1), and contains 27 process areas, with objectives and detailed outcomes defined for each.
Updates to 19770-1
The first generation was published in 2006. The second generation was published in 2012. It retains the original content (with only minor changes), but splits the standard up into four tiers which can be attained sequentially. These tiers are:
- Tier 1: Trustworthy Data
- Tier 2: Practical Management
- Tier 3: Operational Integration
- Tier 4: Full ISO/IEC SAM Conformance.
This revised standard is designed to allow the implementation of SAM processes to be "accomplished in multiple increments and to that increment most suited to the needs of the organization."[1]
Preview of 19770-1
An overview of the standard is available from ISO in English and French [1].
ISO/IEC 19770-2: Software identification tag
ISO/IEC 19770-2 provides an IT asset management (ITAM) data standard for software identification (SWID) tags. Software ID tags provide authoritative identifying information for installed software or other licensable items (such as fonts or copyrighted papers).
Overview of SWID tags in use
There are three primary methods that may be used to ensure SWID tags are available on devices with installed software:
- SWID tags created by a software publisher, or by an organization's in-house development group, are installed with the software and are the most authoritative for identification purposes.
- Organizations can make their own SWID tags for any software title that does not include a tag so the organization can more accurately track software installations in their network environment.
- Third party discovery tools may optionally add tags to a device as software titles are discovered.
Providing accurate software identification data improves organizational security, and lowers the cost and increases the capability of many IT processes such as patch management, desktop management, help desk management, software policy compliance, etc.
Discovery tools or processes that utilize SWID tag data can determine the normalized names and values associated with a software application and ensure that all tools and processes used by an organization refer to software products with the same exact names and values.
Standards Development Information
This standard was finalized and published in November 2009.
A revision of this standard is currently at the Draft International Standard stage (see Enquiry Stage). The revision is expected to be published in mid 2015.
Steve Klos is the current editor of the current revision of 19770-2.
Non-profit Organizational Support
In 2009, a non-profit organization called TagVault.org[2] was formed under IEEE-ISTO[3] to evangelize the use of SWID tags. TagVault.org acts as a registration and certification authority for ISO/IEC 19770-2 software identification tags (SWID tags) and will provide tools and services allowing all SAM ecosystem members to take advantage of SWID tags faster, with a lower cost and with more industry compatibility than would otherwise be possible. SWID tags can be created by anyone, so individuals and organizations are not required to be part of TagVault.org to create or distribute tags.
Commercial Organizational Support
Numerous Windows installation packaging tools utilize SWID tags including:
- Caphyon's Advanced Installer
- Flexera Software's InstallShield
- Flexera Software's InstallAnywhere
- Open Source - WiX
Many software discovery tools already utilize SWID tags, including Altiris, Aspera License Management, CA Technologies discovery tools, Eracent's EnterpriseAM, Flexera Software's FlexNet Manager Platform, HP's Universal Discovery, IBM Endpoint Manager, and Microsoft's System Center 2012 R2 Configuration Manager.
Adobe has released multiple versions of its Creative Suite products with SWID tags. Symantec has also released multiple products that include SWID tags and is committed to helping move the software community to a more consistent and normalized approach to software identification and eventually to a more automated approach to compliance.[4]
Microsoft Corporation has been adding SWID tags to all new releases of software products since Windows 8 was released.[5]
IBM started shipping tags with some software products in early 2014, but as of November, all releases of IBM software include SWID tags. This equates to approximately 300 product releases a month that include SWID tags.
Governmental Support
The US Federal government has identified 19770-2 SWID tags as an important aspect of the efforts necessary to manage compliance, logistics and security software processes. The 19770-2 standard is included on the US DoD Information Standards Registry (DISR) as an emerging standard as of September 2012.
Standards Development Organization Support
The Distributed Management Task Force (DMTF) has developed a Software ID Tag Profile that defines how SWID tags are utilized in the Common Information Model.
The Trusted Computing Group (TCG) is developing a standard, TNC SWID Messages and Attributes for IF-M Specification, that utilizes tag data for security purposes.
The National Cybersecurity Center of Excellence (NCCoE) has documented the Software Asset Management Continuous Monitoring building block that specifies how SWID tags are used for the near real-time identification of software.
The National Institute of Standards and Technology (NIST) is in the process of creating documentation that specifies how SWID tags will be used by Governmental organizations and the Department of Homeland Security. David Waltermire presented information describing the NIST Security Automation Program and how SWID tags can support that effort.
ISO/IEC 19770-3: Software entitlement tag
ISO/IEC 19770-3 will provide a software asset management (SAM) data standard for software licensing entitlement tags. Software entitlement tags are computer files that provide authoritative identifying information about software licensing rights.
ISO/IEC 19770-3 focuses on capturing and defining the information necessary to describe how software may be used, known as the entitlement. This standard will provide a framework and criterion of measurement for creating unambiguous definitions of entitlements. The -3 tags will assist in effective software licensing reconciliation, demonstration of compliance, software cost reduction, and proof of ownership.
The ISO/IEC 19770-3 Other Working Group ("OWG")[6] was convened by teleconference call on 9 September 2008.
John Tomeny of Sassafras Software Inc was appointed as the first convener of the ISO/IEC 19770-3 Other Working Group by Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21), followed by Krzysztof (Chris) Baczkiewicz for Eracent. In addition to WG21 members, other participants in the 19770-3 OWG may be any "individuals considered to have relevant expertise by the Convener".[7]
Implementation
Standardization of software entitlements provides uniform, measurable data for the license compliance processes of Software Asset Management ("SAM") practice, making it possible to demonstrate ownership of entitlements, reconcile and demonstrate compliance, and optimize licensing for cost reduction.
Adoption
For highest value in the market, it is critical for software publishers to provide -2 and -3 tags directly as part of their process. However, both 19770-2 and 19770-3 tags are designed for full implementation by any member of the ITAM ecosystem (end-users, tool providers, service providers, resellers, software publishers, etc.) without dependency on other ecosystem participants.
Ideally, software manufacturers will include 19770-2 identification tags with their software products and provide 19770-3 entitlement tags through their order fulfillment systems. These process enhancements will help every member of the ITAM ecosystem to accurately identify and manage software usage and entitlement consumption.
The value of the 19770-2 or the 19770-3 standards does not depend upon software publisher adoption for ITAM practitioners to experience the benefits of this work. Both the 19770-2 tags and the 19770-3 tags can be created/implemented by any member of the ITAM ecosystem. If a software vendor is unable or unwilling to participate, the industry can still produce viable tags.
End users may build their own 19770-3 tags, both for legacy software and to conduct allocation of entitlements through creation of tags internally within their organization. This provision will make it possible: a) for SAM ecosystem adoption in absence of publisher adoption, and b) to optimize the usefulness of 19770-3 tags for ITAM practitioners (end-users) to effectively reconcile, demonstrate entitlement ownership, and optimize licensing for cost reduction at any operational level within their organization.
Jason Keogh of Alcurian, part of the delegation from Ireland, is the current convener of 19770-3.
ISO/IEC 19770-5: Overview and Vocabulary
ISO/IEC 19770-5:2013 provides an overview of Information Technology Asset Management (ITAM), which is the subject of the ISO/IEC 19770 family of standards, and defines related terms.
ISO/IEC 19770-5:2013 contains:
- an overview of the ISO/IEC 19770 family of standards;
- an introduction to SAM;
- a brief description of the foundation principles and approaches on which SAM is based; and
- consistent terms and definitions for use throughout the ISO/IEC 19770 family of standards.
ISO/IEC 19770-5:2013 is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations).
Preview of 19770-5:2013
The overview and vocabulary can be previewed at ISO.
References
- ^ International Standard ISO/IEC 19770-1:2012 (2012-06-13). "Information technology — Software asset management -- Part 1: Processes and tiered assessment of conformance" (Document). International Organization for Standardization and International Electrotechnical Commission. p. vi.
- ^ Web site for TagVault.org
- ^ Website for IEEE-ISTO
- ^ see http://www.tagvault.org/sites/default/files/SYMC%20ISO-IEC%2019770-2%20Position%20Statement%2012-2-2010.pdf
- ^ Microsoft SWID Tagging Information Page
- ^ Web site from the working group developing the 19770-3 standard
- ^ W21N0805 (revision 2): Terms of Reference for ISO/IEC 19770-3 Software Entitlement Tag Other Working Group
External links
- Official WG21 web site
- Business Software Alliance
- Distributed Management Task Force
- Industry Standards and Technology Organization (IEEE-ISTO)
- International Association of Information Technology Asset Managers
- International Business Software Managers Assoc. (IBSMA)
- National Cybersecurity Center of Excellence
- National Institute for Standards and Technology
- TagVault.org
- Trusted Computing Group