
The support site for the Unified Compliance Framework


The Asset taxonomy

The Asset taxonomy is both a scope and dependency taxonomy based upon asset categories, classes, and asset versioning dependencies. To a certain extent, the Asset taxonomy maintained by the UCF™ team has to "jibe" with the Common Platform Enumerator (CPE) naming methodology maintained by MITRE (or at least as close as possible).

Rule 1: Establish and maintain a baseline hierarchy of asset categories

All assets within the UCF's Common Asset Enumerator list must fall into one of the choices listed below. These are listed in their current sort order, and as the number of categories increases, new category items will be added to this list and re-presented in their most current sort order.

  • Operating System (includes OS drivers) - An operating system provides the software platform which directs the overall activity of a computer, network or system, and on which all other software programs and applications can run. In many ways, choice of an operating system will affect which applications can be run. Operating systems perform basic tasks, such as recognizing input from the keyboard, sending output to the display screen, keeping track of files and directories on the disk and controlling peripheral devices such as disk drives and printers. For large systems, the operating system has even greater responsibilities and powers - becoming a traffic cop that makes sure different programs and users running at the same time do not interfere with each other. The operating system is also responsible for security, ensuring that unauthorized users do not access the system. Examples of operating systems are UNIX, DOS, Windows, LINUX, Macintosh, and IBM's VM. Operating systems can be classified in a number of ways, including: multi-user (allows two or more users to run programs at the same time - some operating systems permit hundreds or even thousands of concurrent users); multiprocessing (supports running a program on more than one CPU); multitasking (allows more than one program to run concurrently); multithreading (allows different parts of a single program to run concurrently); and real time (instantly responds to input - general-purpose operating systems, such as DOS and UNIX, are not real-time).

  • Application (includes application drivers) - In the broadest sense, the use of information resources (information and information technology) to satisfy a specific set of user requirements. When speaking about software, any program designed to perform a specific function directly for the user or, in some cases, for another application. A computer program designed to help people perform a certain type of work, including specific functions, such as payroll, inventory control, accounting, and mission support. Depending on the work for which it was designed, an application can manipulate text, numbers, graphics, or a combination of these elements. An application contrasts with a systems program, such as an operating system or network control program, and with utility programs, such as copy or sort.

  • Storage - Storage is the catch-all term for any type of media and medium that holds information or information assets, such as a direct access storage device, an electronic storage system, a storage area network, offline storage, or even open storage.

  • Hardware (anything from cards to whole CPUs, network devices, etc.) - The physical components of information technology including the computers, peripheral devices such as printers, discs, and scanners, and cables, switches, and other elements of the telecommunications infrastructure.

  • Network - A group of computers and associated devices that are connected by communications facilities in order to share resources. A network can involve permanent connections, such as cables, or temporary connections made through telephone or other communications links. A network can be as small as a local area network consisting of a few computers, printers, and other devices, or it can consist of many small and large computers distributed over a vast geographic area. A telecommunications medium and associated components responsible for the transmission of information. A local-area network (LAN) refers to connected computers and devices geographically close together (i.e. in the same building). A wide-area network (WAN) refers generally to a network of PCs or other devices, remote to each other, connected by telecommunications lines. Typically, a WAN may connect two or more LANs together.

  • Power or Air - Power is an organizational asset that describes both full time power from an electrical grid and emergency power (whether from a generator or an uninterruptible power supply). Air is an organizational asset that ensures heating, cooling, and humidity are kept in the right proportions according to organizational asset needs.

  • Facility (including containers) - A facility in terms of organizational assets can be anything from a lockable and transportable container, to stationary containers, to individual buildings, to campuses. A container is any object that can be used to hold things, and in our context, information, information assets, or other organizational assets. Containers can either be strong plastic or metal box-like objects of standardized dimensions that can be loaded from one form of transport to another.

As the Network Frontiers team begins to build out product categories, we will work with all vendors to create an additional product category field and standardize the category entry types.

Rule 2: Separate an asset's vendor/creator from the asset hierarchy

While it is important for assets to have a direct relationship to the vendors that created, produced, published, or otherwise promulgated them, it is just as important to allow the asset to stand alone in the asset hierarchy without the vendor's information as a part of its genealogy. Why? Because many times assets outlive the vendors that created them. The author of the document you are reading had a sailboat that started out as a Yankee and was finished by Catalina. Was the sailboat a Yankee or a Catalina? That would depend upon the year the question was asked. Same thing with hardware and software products. Citadel used to be a company and a product. Now it is not a company because McAfee purchased it. The asset remains, the vendor has now changed. That shouldn't affect the asset's genealogy.

Rule 3: Add assets to the list by subordinating them to their category and removing all meta information

Assets within the UCF™ can have multiple entries of meta information, including asset versions, update information, and so on. When adding a record, the record must be added as a subordinate to its base category.

Example

In this example, the asset Access (ID 0000011) is being added to the Asset list as a subordinate to the record Application (ID 0000004). We show visually that the record Access has no meta data associated with it by showing the meta data separators (:) with no information between them.

| ID | Genealogy | Sort ID | Record |
| --- | --- | --- | --- |
| 0000004 | 0000000 | 001 004 | Application |
| 0000011 | 0000000 0000004 | 001 004 001 | Access::::: |

Rule 4: Add asset versions to the list by subordinating the versioned asset according to the asset meta information field order

Further subordination and sort order of the list comes from taxonomic subordination of records due to meta data associated with the asset. The basic meta data that the UCF™ team has encountered with assets so far includes these meta fields:

    • Version - The number of the particular version of an asset, if any. This is the same information as tracked in the CPE Version element. As such, the version should be represented in whatever format the product represents it in.

    • Update Info - If the asset has been updated, enter the information the vendor uses to indicate the particular update, such as a number, date, or service pack number. Sometimes this is referred to as a point release or a minor version. However, most of the time within the CPE list (which is a direct equivalent) this is where the service pack information has been documented. The technical difference between version and update will be different for certain vendors and products and as this bit of meta information evolves, our rules for adding and updating the information in this field will evolve as well.

    • Edition - If the asset has an edition name or number, enter it here. When considering software products that run only on certain operating systems, add the operating system in the edition field (i.e., Windows, Macintosh, Linux, Unix, Solaris, etc.). This could be (and usually is) used to delineate professional versus education versus home user editions of a product. This is more or less the same information as tracked in the CPE Edition element.

    • Language - If the asset is in a specific language, that's what needs to be entered here. However, we are not using the name of the language, but rather the ISO 639-2 Codes for the Representation of Names of Languages reference. A complete and up-to-date reference can be found online at http://loc.gov/standards/iso639-2/php/code_changes.php. This should be the same information as tracked in the CPE Language element, however, we've found that all sorts of wonderful things have been popping up there. Therefore, we are more strict and are limiting our meta field to that which belongs to ISO 639-2 (which, by the way, allows for the Klingon language to be used).

    • Platform - If the asset is platform specific (32 bit, 64 bit, Intel, G4, etc.), then that's the information that must be entered here.

Example

In the example that follows, Biztalk Server 2000 developer is shown to come before Biztalk Server 2000 service pack 1 because developer has a null value for the update info meta data element, which sets it as a higher level than service pack 1.

| ID | Genealogy | Sort ID | Record |
| --- | --- | --- | --- |
| 0000023 | 0000000 0000004 | 001 004 013 | Biztalk Server::::: |
| 0000254 | 0000000 0000004 0000023 | 001 004 013 001 | Biztalk Server:2000:::: |
| 0000828 | 0000000 0000004 0000023 0000254 | 001 004 013 001 001 | Biztalk Server:2000::developer:: |
| 0000829 | 0000000 0000004 0000023 0000254 | 001 004 013 001 002 | Biztalk Server:2000:sp1a::: |
| 0001143 | 0000000 0000004 0000023 0000254 0000829 | 001 004 013 001 002 001 | Biztalk Server:2000:sp1a:developer:: |
| 0001144 | 0000000 0000004 0000023 0000254 0000829 | 001 004 013 001 002 002 | Biztalk Server:2000:sp1a:enterprise:: |
| 0001145 | 0000000 0000004 0000023 0000254 0000829 | 001 004 013 001 002 003 | Biztalk Server:2000:sp1a:standard:: |

Rule 5: Ensure that assets are listed in alphanumeric format with a manual override

In true alphanumeric format, an asset would be sorted and listed according to strict machine-based sorting rules. This in effect would sort Excel 95 as coming after Excel 2000, because 9 is greater than 2. This is where a manual override and human intervention have to come in. Any person reading a list of Excel versions would know that Excel 95 is supposed to come before Excel 2007. And because we can't rename the official asset name to Excel 1995, we'll have to settle for humans being able to use their noggin and allow for manual overrides in the sort order.
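
The subordination in Rule 4 and the manual override in Rule 5, as an added Python example that is not UCF code. The parent rule (clear the last populated meta field) is inferred from the Genealogy column of the tables above; the function names and the override table are hypothetical, and the Excel records are constructed.

```python
# Added example, not UCF code. Field order comes from Rule 4; the parent rule is
# inferred from the Genealogy column of the tables on this page.
META_FIELDS = ("version", "update", "edition", "language", "platform")

def parse(record):
    """Split 'Name:version:update:edition:language:platform' into (name, meta)."""
    name, *meta = record.split(":")
    if not name or len(meta) != len(META_FIELDS):
        raise ValueError(f"need a name and {len(META_FIELDS)} separators: {record!r}")
    return name, tuple(meta)

def parent_of(record):
    """Clear the last populated meta field; None means the parent is the category."""
    name, meta = parse(record)
    filled = [i for i, value in enumerate(meta) if value]
    if not filled:
        return None
    trimmed = list(meta)
    trimmed[filled[-1]] = ""
    return ":".join([name, *trimmed])

def sort_key(record, overrides=None):
    """Machine sort key; an override swaps in a surrogate version for sorting only."""
    name, meta = parse(record)
    version = (overrides or {}).get((name, meta[0]), meta[0])
    return (name.lower(), version, *meta[1:])

def ordered(records, overrides=None):
    return sorted(records, key=lambda r: sort_key(r, overrides))

# Records from the Rule 4 table, in the order the table lists them.
BIZTALK = [
    "Biztalk Server:::::", "Biztalk Server:2000::::",
    "Biztalk Server:2000::developer::", "Biztalk Server:2000:sp1a:::",
    "Biztalk Server:2000:sp1a:developer::", "Biztalk Server:2000:sp1a:enterprise::",
    "Biztalk Server:2000:sp1a:standard::",
]
# Constructed records for the Rule 5 case (not taken from the UCF list).
EXCEL = ["Excel:2007::::", "Excel:95::::", "Excel:2000::::"]
# Hypothetical manual override: sort Excel 95 as if its version were 1995.
OVERRIDES = {("Excel", "95"): "1995"}

if __name__ == "__main__":
    print(ordered(EXCEL))             # strict machine order
    print(ordered(EXCEL, OVERRIDES))  # order after the manual override
    for rec in BIZTALK:
        print(rec, "->", parent_of(rec))
```

Because an empty field compares lower than any populated one, the plain tuple sort already places the record with a null update info ahead of its sp1a sibling; the override changes only the sort key, never the stored record name.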
