ISO/IEC 19770-6:2024

International
Standard
ISO/IEC 19770-6
First edition
Information technology — IT asset
2024-01
management —
Part 6:
Hardware identification tag
Technologies de l'information — Gestion des actifs TI —
Partie 6: Étiquette d'identification du matériel
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 2
3.1 Terms and definitions .2
3.2 Abbreviated terms .3
4 Conformance . 3
4.1 HWID tag conformance .3
4.2 Application conformance .4
4.3 Platform conformance .4
5 Interoperability . 4
5.1 Overview and key design decisions .4
5.2 Hardware identifiers - .4
5.3 Use case overview.4
5.4 HWID type .5
5.4.1 General .5
5.4.2 Issuance of a primary HWID . .5
5.4.3 Adding information to a primary HWID .5
5.4.4 Archiving a primary HWID .5
5.4.5 Issuance of a system HWID . . .6
5.4.6 Adding information to a system HWID .6
5.4.7 Archiving a system HWID .6
5.4.8 Systems of systems .6
5.5 Supplemental HWID types .7
5.6 Key design decisions of HWIDs .8
5.7 Uniqueness of identifiers .9
5.7.1 General .9
5.7.2 Entity registration identification – regid .9
5.7.3 Hardware identification tag ID (hwidId) .10
5.8 Interoperability Design Considerations .10
6 Implementation of HWID processes .11
6.1 General .11
6.2 Platform requirements and guidance .11
6.2.1 HWID tag implementation considerations .11
6.2.2 HWID tag methods . 12
6.3 HWID creators . 13
6.4 Trustworthiness of HWIDs .14
6.5 Authenticity of HWIDs .14
6.5.1 General .14
6.5.2 XML digital signatures .14
6.5.3 JSON digital signatures . 15
6.6 HWID file names . 15
6.7 HWID storage . 15
6.8 HWID recovery . 15
6.9 HWID Considerations for asset management platforms . 15
7 Hardware ID file data specification .15
7.1 General . 15
7.2 Minimum HWID tag data required .16
7.3 Recommended HWID tag data values .17
7.4 XML and JSON naming conventions .17
7.4.1 XML considerations .17

© ISO/IEC 2024 – All rights reserved
iii
7.4.2 JSON considerations .17
7.5 Language functionality .18
7.6 Element structure .18
7.7 Data definitions.18
7.7.1 Requirement levels .18
7.7.2 HWID .19
7.7.3 HWIDMeta . 20
7.7.4 Entity . 22
7.7.5 Link . 23
7.7.6 LinkContent .24
7.7.7 Meta .24
7.7.8 OrderInfo .24
7.7.9 Location . 25
7.8 Attribute value definitions . 26
7.8.1 General . 26
7.8.2 ChannelType . 26
7.8.3 HWIDType .27
7.8.4 hwType .27
7.8.5 purchaseCondition . 28
7.8.6 LocationType. 28
7.8.7 Role . 29
7.8.8 SupplementalHWIDType . 29
7.8.9 TrustLevel. 30
7.8.10 Rel . 30
Annex A (informative) XML schema definition (XSD) .32
Annex B (informative) UML and XML documentation .33
Annex C (informative) Sample HWIDs .34
Bibliography . 41

© ISO/IEC 2024 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 19770 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
v
Introduction
0.1  Overview
The ISO/IEC 19770 series for information technology (IT) asset management (ITAM) addresses both
the processes and technology for managing software, hardware, and related IT assets. Because IT is an
essential enabler for almost all activity in today’s world, the ISO/IEC 19770 series integrates tightly into all
of the IT functions. Hardware identification (HWID) tags have the capacity to assist in other management
functions outside the scope of financial-focused or compliance-focused ITAM processes. From a technology
perspective, ITAM standards for information structures provide the data interoperability of software and
hardware management data, and the basis for many related benefits such as more effective security in the
management of software and the authentication of hardware. ITAM standards for information structures
also facilitate significant automation of IT functionality, such as improved authentication of software, and
hardware for automated exposure of identification and mitigation.
0.2  Purpose of this document
This document is an International Standard for HWID tags. The hardware identification tag is a standardized
data structure containing hardware identification information about a hardware product and/or the system
configuration of multiple hardware products that supports new and automated management functions.
Product information provided in the hardware identification tag structure is often provided in an XML data
file, but the same HWID tag product information may be accessible through other means depending on the
computing device being managed.
HWID tags are created by a HWID tag producer, for example, a hardware manufacturer who develops and
distributes hardware. HWID tag data is utilized by HWID tag consumers, for example, an inventory tool or
service that collects information from a physical or virtual device for a variety of purposes.
This document has been developed to facilitate automation of IT processes through the use of hardware
identification tags and for applications which use those tags, for the purposes of inventory control,
configuration management, hardware security, or logistics. This document includes information which
facilitates human understanding (such as model and colloquial version name), but it is unrealistic to expect
to create, manage, and use hardware identification tags without the use of automated capabilities built into
specialist or generalized tools. The extent to which such capabilities are provided by specialist commercial
products, open-source-type products, or platforms themselves, depends on market developments over time.
This document supports IT asset management processes as defined in ISO/IEC 19770-1. This document is
also designed to work together with other parts in the ISO/IEC 19770 series, including ISO/IEC 19770-2,
ISO/IEC 19770-3, ISO/IEC 19770-4, and ISO/IEC 19770-5, which are International Standards for software
identification, entitlement, resource utilization measurement, and overview/vocabulary.
This document provides a common set of terms and associated transport format to facilitate the management
of IT hardware. The intended benefits include easier demonstration of proof of ownership, improved asset
management, and improved security.
Furthermore, an additional benefit of having a standard for describing hardware components is to encourage
the normalization by industries of names for, and the details of, different types of hardware. A common
lexicon is critical to standardization and shared understanding of terminology. The terms in this document
should form a part of that lexicon over time.
Hardware identification tags can benefit all stakeholders involved in the development, manufacturing,
distribution, deployment, installation, and on-going management of hardware. Key benefits associated with
hardware identification tags include the following.
a) The ability to consistently and authoritatively identify hardware products that need to be managed for
any purposes of inventory control, configuration management, hardware security, or logistics or for the
specification of dependencies. Hardware identification tags provide the meta-data necessary to support
more accurate identification than other traditional hardware identification techniques.

© ISO/IEC 2024 – All rights reserved
vi
b) The ability to identify groups of hardware products in the same way as individual hardware products
(e.g., components and modules within a single system), thus enabling entire groups of hardware
products to be managed as a system with the same flexibility as individual products.
c) The ability to automatically relate installed hardware with other information such as repair installations,
configuration issues, maintenance agreements or vulnerabilities.
d) The ability to facilitate interoperability of hardware identification between different hardware
manufacturers, different hardware platforms, different IT management tools, and within hardware
manufacturing, as well as between HWID tag producers and HWID tag consumers.
e) The ability to facilitate automated approaches to hardware inventory, using information both from the
hardware identification tag and from the software identification schema as specified in ISO/IEC 19770-2.
f) The ability to provide a comprehensive information structure that identifies different entities, including
hardware manufacturers, packagers, distributors external to the hardware consumer, as well as various
entities within the hardware consumer, associated with the system configuration, installation, and
management of the product on an on-going basis.
g) The ability to establish trust through the optional use of digital signatures by organizations creating
hardware identification tags, the ability to validate that hardware identification is authoritative, and
from a trusted source.
h) The opportunity for entities other than original hardware manufacturers (e.g. independent providers or
in-house personnel) to create non-authoritative hardware identification tags for legacy hardware, and/
or for hardware from other manufacturers who do not provide hardware identification tags themselves.
Annex A contains the XML schema document for HWID tags; Annex B provides a UML diagram of the HWID
tag schema; Annex C provides sample HWID tags.

© ISO/IEC 2024 – All rights reserved
vii
International Standard ISO/IEC 19770-6:2024(en)
Information technology — IT asset management —
Part 6:
Hardware identification tag
1 Scope
This document provides specifications for a transport format which enables the digital encapsulation of this
data. This document refers to an encapsulation of hardware identification (HWID) data as a HWID tag, just
as ISO/IEC 19770-2 refers to software identification (SWID) tags for software identification.
This document applies to the following.
— Tag producers: organizations that create HWID tags for use by others in the market. A tag producer can
be part of the organization creating the hardware or a third-party organization. These organizations can
be broken down into two major categories.
— Device or component providers: entities responsible for the manufacturing or creation of the hardware
device and/or associated operating system, virtual environment, or application platform. Platform
providers which support this document can additionally provide tag management capabilities at the
level of the platform or operating system.
— Tag tool providers: entities that provide tools to create hardware identification tags. For example,
tools within development environments that generate hardware identification tags, or installation
tools that can create tags on behalf of the installation process, and/or desktop management tools
that can create tags for underlying hardware, virtual machines, or platforms that did not originally
have a hardware identification tag.
— Tag consumers: tools and/or organizations who utilize information from HWID tags are broken down
into the following two major categories.
— Device or component consumers: entities that purchase, install, integrate, and/or otherwise deploy
physical or virtual hardware or components.
— IT discovery and processing tool providers: entities that provide tools to collect, store, and process
hardware identification tags. These tools may be targeted at a variety of different market segments,
including security, asset management, and logistics.
This document deals only with hardware device or component identification.
This document does not detail information technology asset management (ITAM) processes required for
discovery and management of hardware (which is provided in ISO/IEC 19770-1) software identification tags
(as defined by ISO/IEC 19770-2), entitlement tags (as defined by ISO/IEC 19770-3), or resource utilization
measurements (as defined by ISO/IEC 19770-4).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 19770-2, Information technology — IT asset management — Part 2: Software identification tag
ISO/IEC 19770-3, Information technology — IT asset management — Part 3: Entitlement schema

© ISO/IEC 2024 – All rights reserved
ISO/IEC 19770-5, Information technology — IT asset management — Part 5: Overview and vocabulary
1)
RFC 3986 , Uniform Resource Identifier (URI): Generic Syntax
2)
RFC 7515 , JSON Web Signature
XML Signature Syntax and Processing Version 1.1, W3C Recommendation 11 April 2013 https:// www .w3
.org/ TR/ xmldsig -core1/
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19770-5 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1.1
dynamic attribute
element of a HWID tag that may change over the life of the product or are defined after creation
3.1.2
HAM
hardware asset management
coordinated activity of an organization to realize value from hardware assets
Note 1 to entry: Hardware asset management is a specialization and sub discipline of IT asset.
3.1.3
HWID creator
entity that initially creates a HWID record
Note 1 to entry: This entity can be part of the organization that manufactured the component to which the record
relates, in which case the HWID creator and component manufacturer are the same. The HWID creator can also be
a separate organization or third party unrelated to the manufacturer (such as in the case where HWID records are
created for existing hardware components by an operating system or a tool deployed by the device owner).
3.1.4
HWID schema
hardware Identification schema
information structure containing a digital description of a hardware component and its associated
information
3.1.5
legacy hardware
hardware originally created without native information structures
1) https:// www .ietf .org/ rfc/ rfc3986 .txt.
2) https:// tools .ietf .org/ html/ rfc7515.

© ISO/IEC 2024 – All rights reserved
3.1.6
software identification tag
SWID tag
information structure containing identification information about a software configuration item.
[SOURCE: ISO/IEC 19770-5:2015, 3.40, modified — At the end of the definition, "which may be authoritative
if provided by a software creator" has been removed.]
3.1.7
static attribute
element of a HWID that do not change over the life of the product or are defined at creation
3.2 Abbreviated terms
Ent software Entitlement schema, Entitlement schema
GUID globally unique identifier
HAM hardware asset management
HWID hardware identification
IETF internet engineering task force
ITAM information technology asset management
JSON javascript object notation
OEM original equipment manufacturer
regid registration identifier
SAM software asset management
SKU stock keeping unit
SWID software identification
UNSPSC united nations standard products and services code
URI uniform resource identifier
URL uniform resource locator
W3C World Wide Web Consortium
XML extensible markup language
XSD XML schema document
4 Conformance
4.1 HWID tag conformance
A hardware identification tag is in conformance with this document if the tag data structure meets all the
requirements specified in this document.

© ISO/IEC 2024 – All rights reserved
4.2 Application conformance
Application conformance incorporates both syntax and semantics.
— A conforming tag consumer shall not reject any conforming HWID tag.
— A conforming tag producer shall be able to produce HWID tags conforming to this document.
— A conforming tag consumer shall treat the information in HWID tag in a manner consistent with the
semantic definitions given in this document. An application’s intended behaviour shall not require that
application to process all of the information in a HWID tag. However, the information that it does process
shall be processed in a manner that is consistent with the semantic definitions given in this document.
— A conforming tag consumer should, when necessary, be able to identify the version of the XML schema
(XSD) used for a HWID tag and process information provided in older versions of HWID tags in a manner
that is consistent with that version of the XSD.
4.3 Platform conformance
A platform is in conformance with this document if it provides a programmatic interface to add, retrieve,
enumerate, and remove HWID tag data and/or if it provides support for HWID tags to be stored on and
retrieved from a file storage environment on a specified device.
5 Interoperability
5.1 Overview and key design decisions
This clause explains the essential nature of HWIDs, and how the different types of HWID records interrelate
and are designed to provide for interoperability of creation and usage by all parties involved with hardware
component data.
5.2 Hardware identifiers -
The unique identifier for each HWID is the . This is a GUID which may be formed in different
ways, as long as global uniqueness is achieved. A 16-byte GUID shall be used for this field – this provides
global uniqueness without a significant amount of overhead for space. These GUIDs should be generated in a
fashion compliant to ISO/IEC 9834-8.
For hwidID, if use of a 16 byte GUID is not possible, a text based globally unique ID may be constructed.
This ID should include a unique naming authority for the and sufficient additional details
that the is unique for the entitlement. This can look as follows (+ is used as a string concatenation
symbol):
regid + productName + version + edition + revision + …
5.3 Use case overview
There are a number of basic use cases which can be supported by the definitions contained in this document.
Note that the HWID merely records the state of an artifact at a certain point in time. For example, a HWID
represents a specific piece of hardware, in a specific location, with a specific owner at a specific point in
time. To transfer hardware to another organization, it is not sufficient just to create transfer transactions
recording a change in ownership and location using HWIDs; rather, compliance with the necessary terms
and conditions (e.g. of the hardware maintenance) for the transfer is required.

© ISO/IEC 2024 – All rights reserved
5.4 HWID type
5.4.1 General
The main use cases supported by the HWID specification are provided in Table 1. Each provides a short
explanation of how it is implemented.
The type of HWID is defined by the value hwidType.
Table 1 — hwidType values
hwidType value Meaning
Primary This is the “base” HWID tag for an asset, representing the primary attributes of the hard-
ware being identified.
System A tag establishing relationships between one or more primary and/or system tags for
a given system. This is useful for connecting peripherals to a PC, virtual machines to a
physical host or multiple systems together in a cluster.
Supplemental Supplemental tags are designed to provide additional information to either primary or
system tags.
5.4.2 Issuance of a primary HWID
Issuance of a primary HWID is the 'base' HWID type. It is expected that primary HWIDs should be issued
by the hardware manufacturer, who should be able to provide authoritative information relating to the
hardware’s details. HWIDs may also be issued by third party suppliers but would be considered a non-
authoritative tag. This may be necessary if manufacturers do not supply HWIDs, such as to encapsulate
legacy hardware which had no associated HWIDs, etc.
Primary HWID tags are implemented by creating a HWID of = 'Primary'.
5.4.3 Adding information to a primary HWID
End-user organizations and third parties may wish to add information to a HWID, e.g. order information,
entitled entities and or user configured identifiers.
Information is added to a HWID tag by creating a HWID of = 'Supplemental', and with
= 'InfoAdded' which specifies a equal to the
of the primary HWID which is to be extended.
Example of a primary HWID:
fabrikam.com_MightyPC_AAA.HWID
HWIDId=”AAA”
hwidType=”Primary”
Example of a linked supplemental HWID:
reseller.com_MightyPC_BBB.HWID
HWIDID=”BBB”
hwidType=”Supplemental”
supplementalhwType=”InfoAdded”

linkedToPrimaryhwidID=”AAA”

5.4.4 Archiving a primary HWID
The purpose of archiving is to remove HWIDs from active use, so that they are no longer valid for hardware
management purposes. This is appropriate, for example, for hardware that is no longer being used by the
organization and which is no longer required to be tracked as an asset.

© ISO/IEC 2024 – All rights reserved
The archive functionality is implemented by creating a supplemental HWID of type = 'Archived', this
identifies the of the HWID which is to be revoked in attribute.
5.4.5 Issuance of a system HWID
Issuance of a system HWID combines multiple primary HWIDs into a logical grouping of an entity
that is treated as a single instance. It is expected that system HWIDs should be issued by the hardware
manufacturer, who should be able to provide authoritative information relating to the hardware details
during the manufacturing or assembly process. System HWIDs may also be issued by third party suppliers
or system integrators as non-authoritative tags. The issuance of non-authoritative system HWIDs may be
necessary if manufacturers do not supply system HWIDs.
System HWID tags are implemented by creating a HWID of = 'System'.
5.4.6 Adding information to a system HWID
End-user organizations and third parties may wish to add information to a system HWID, e.g. addition of
additional information about the system.
Information is added to a HWID tag by creating a HWID of = 'Supplemental', and with
= 'InfoAdded' which specifies a equal to the
of the primary HWID which is to be extended.
Example of a system HWID:
fabrikam.com_MightyPC_BBB.HWID
hwidID=”BBB”
hwidType=”System”

linkedToPrimaryhwidID=”AAA”

Example of a linked supplemental HWID:
reseller.com_MightyPC_CCC.HWID
hwidID=”CCC”
hwidType=”Supplemental”
supplementalhwType=”InfoAdded”

linkedToSystemhwidID=”BBB”
5.4.7 Archiving a system HWID
The purpose of archiving is to accomplish one of the following two goals.
— Remove system HWIDs from active use, so that they are no longer actively used for hardware management
purposes. This would be appropriate, for example, for hardware that is no longer being used by the
organization and which is no longer required to be tracked as a system.
— Remove system HWIDs where the makeup of the system has been altered sufficiently enough where it
makes more sense to reissue a new system tag. At this point a new system tag may be generated.
The archive functionality is implemented by creating a supplemental HWID of type = 'Archived', this
identifies the of the HWID which is to be revoked in attribute.
5.4.8 Systems of systems
As system tags define groups of hardware assets that logically belong together, system tags may also be
used to link together logically grouped systems. For example, a data center server can be represented by a
system HWID tag containing the server computer, the storage medium it uses, and a power supply. It may
also be beneficial to think of the entire rack as a single unit of systems that includes multiple data center
servers, a top of rack network switch, the rack itself, and all cables used to interconnect the systems.

© ISO/IEC 2024 – All rights reserved
A system of systems is described by creating a new HWID tag of hwidType=”System”, and then using the
linkedToSystemhwidID attribute to connect multiple system HWIDs.
Example of a primary system HWID:
reseller.com_MightyPC_ZZ.HWID
HWIDID=”ZZ”
hwidType=”System”

linkedToSystemhwidID=”XX”


linkedToSystemhwidID=”YY”

Example of a subsystem HWID 1:
fabrikam.com_MightyPC_XX.HWID
HWIDId=”XX”
hwidType=”System”

linkedToPrimaryhwidID=”AAA”

Example of a subsystem HWID 2:
fabrikam.com_MightyPC_YY.HWID
HWIDId=”YY”
hwidType=”System”

linkedToPrimaryhwidID=”CCC”


5.5 Supplemental HWID types
If a HWID has a type of “Supplemental”, their specific use is defined by the value ‘supplementalHWIDType’.
Suggested values are given in Table 2. As per the definition of “SupplementalHWIDType” in 7.8.8, it is possible
to define additional values.
This addition of additional values into supplemental HWID tags should only be done when specific use
cases absolutely require the additional values to be contained within the HWID tag structure, as there is no
common understanding of the definition for these additional values.

© ISO/IEC 2024 – All rights reserved
Table 2 — supplementalHWIDType values
supplementalHWIDType Meaning
value
InfoAdded This supplemental record is to add information to an existing primary HWID. If differ-
ent data values are added for the same element or attribute (whether in the same or in
different supplemental HWIDs), then the interpretation of that data, i.e. the order of
precedence, is not specified by this document. (Supplemental HWIDs with incorrect
or changed values should be revoked – see below.)
Archived This supplemental HWID archives an existing HWID.
The for the HWID which is archived is specified in the
or attribute.
If the or value indicates
a HWID which has the of “Supplemental” then only that supplemental
HWID is archived.
If the indicated in the or
attribute is not of “Supplemental” then that and all supplemental
HWIDs associated with that are to be considered archived.
The primary reasons that a HWID would be marked archived are:
— The HWID referenced needs to be replaced because of incorrect or missing
information. Instead of adding the information with an InfoAdded, the entire
HWID is archived and reissued.
— The hardware or system described by the HWID referenced has
...