Piscataway, NJ – December 7, 2009 – TagVault.org, a non-profit program of IEEE-ISTO, announced today that it will provide free general memberships to government organizations. These memberships will provide governmental organizations with access to tools, information and training that make software easier to identify, therefore simplifying the process of managing software entitlement compliance and strengthening operational security with respect to software.
TagVault.org is the certification authority for software identification tags based on the ISO/IEC 19770-2:2009 standard. Certification validates that software publishers are known entities and that the publishers follow a specified set of requirements for providing software identification information. TagVault.org digitally signs specific elements of the software identification tags in a manner that allows third party organizations to independently and authoritatively validate that elements of the certified tag have not been modified. This gives government agencies, and other software users, confidence that the software installed on their computers has not been tampered with and is the correct software for each user’s respective role. This increased security for software installations through accurate and authoritative identification allows government agencies to automate compliance with the consensus audit guidelines (CAG) and the NIST 800-53 controls as they relate to software.
TagVault.org’s certification process also makes it more efficient for governmental organizations to follow presidential executive order #13103 requiring organizations to be in compliance with software entitlement purchases. Software management is simplified because standardized software identification tags allow automated inventory collection, providing a definitive view of the software installed throughout an organizations computing infrastructure. Intelligent reporting, for example based on the United Nations Standard Products and Services Code® (UNSPSC), one of the elements included in software identification tags, simplifies reconciliation with entitlements and purchasing records and provides significant operational efficiencies and reporting benefits to the organization.
“Certified software identification tags have the ability to dramatically increase the visibility of IT assets government-wide, while increasing security and operational efficiencies, and reducing the costs of government ITAM operations”, said Alan Vander Mallie, Federal ITAM Program Manager of GSA. “The GSA program is looking forward to seeing software tags in use by all software vendors as soon as possible and is looking for federal agencies to share their tagging requirements. In the context of open and transparent Government, an organization such as TagVault.org allows federal agencies to participate directly with industry towards the common goal of increasing the compliancy and security of its assets. Software tagging efforts and the open exchange of tagging requirements support the basic tenets of the GSA IT asset management program (www.gsa.gov/feditam): know what you have and who you are buying from, manage and buy smarter, while increasing the overall compliancy of your IT assets”.
“Government members of TagVault.org will learn what they can do to ensure the software they purchase can be easily managed, as well as using the information to securely identify known software in their network,” said Steve Klos, executive director of TagVault.org. “TagVault.org is excited to provide this new membership program to government agencies and look forward to the seeing the benefits of certified tags providing benefits to both government and commercial organizations.”
TagVault.org is attending the Government Technology Research Alliance in Pennsylvania in December. The organization has also made the new government membership programs available on its membership forms and will be holding a webinar specifically for Government organizations on December 17, 2009 at 10 AM Pacific to discuss the benefits of specifying the requirement for certified software identification tags in RFPs and software contracts.
TagVault.org is the certification authority for software identification tags based on the ISO/IEC 19770-2:2009 standard. Formed as a non-profit organization under IEEE-ISTO, TagVault.org provides a shared library of software tools and technical knowledge that decrease the costs of creating, managing and using software identification tags.
TagVault.org's certification process ensures tags fully conform to the specification while also ensuring that all terms used in the tag are standardized. Certified software identification tags are digitally signed and time-stamped using a certificate issued by VeriSign —ensuring the accuracy of tag data that any third party can validate. Certified software identification tags lower the cost of software asset management for all SAM eco-system members.