ISO/IEC 19770-2 Published
After three years of work the ISO/IEC 19770-2 standard has been published by ISO.
I think this is a great initiative and the team behind the ISO standard have done some great work.
It is now all about the execution – the best thing end users can do to make sure the standard is successful is to be bullish with their software vendors, dig their heels in, and insist that their suppliers adopt the standard. I hope to publish more resources over the coming months on the ITAM Review on how to work ISO/IEC 19770-2 requirements into your contracts and tenders.
Turning Theory Into Practice
TagVault is a key player in this execution. TagVault is a non-profit organisation designed to be a certification authority for software tags. This ensures all tags conform to the standard and use the same terminology. Certified software tags are digitally signed and time-stamped using a certificate issued by Verisign, this means a third party can validate that the tags are accurate and have not been tampered with.
TagVault to Provide Free Membership To Government Agencies
TagVault has announced today that it will be offering free membership to government organisations. These memberships will provide government organizations with access to tools, information and training that make software easier to identify.
Independently verified software is of particular interest to government agencies as it allows automated compliance with the consensus audit guidelines (CAG) and the NIST 800-53 controls as they relate to software.
The TagVault certification process also makes it more efficient for governmental organisations to follow presidential executive order #13103 requiring organisations to be in compliance with software entitlement processes. Intelligent reporting, for example based on the United Nations Standard Product and Services Code (UNSPSC), is one of the elements included in software identification tags. This simplifies the reconciliation with entitlements and purchasing records and provides signficant operational efficiencies and reporting benefits to the organisation.
Commenting on the TagVault initiative, Alan Vander Mallie, Federal ITAM Program Manager of GSA, said:
“The GSA program is looking forward to seeing software tags in use by all software vendors as soon as possible and is looking for federal agencies to share their tagging requirements. In the context of open and transparent Government, an organization such as TagVault.org allows federal agencies to participate directly with industry towards the common goal of increasing the compliancy and security of its assets. Software tagging efforts and the open exchange of tagging requirements support the basic tenets of the GSA IT asset management program : know what you have and who you are buying from, manage and buy smarter, while increasing the overall compliancy of your IT assets”.
Steve Klos, executive director of TagVault stated
“Government members of TagVault.org will learn what they can do to ensure the software they purchase can be easily managed, as well as using the information to securely identify known software in their network. TagVault.org is excited to provide this new membership program to government agencies and look forward to the seeing the benefits of certified tags providing benefits to both government and commercial organizations.”
For more details visit the TagVault Website
- For a quick overview of the whole standard see this article: ARTICLE: SAM Standard (ISO/IEC 19770).
- For further information about Dash 2 see INTERVIEW: Steve Klos “Revolutionising the Identification and Management of Software”
- Purchase a copy of the Standard here
About Martin Thompson
Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.
On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
Learn more about him here and connect with him on Twitter or LinkedIn.