Security evaluation of biometrics



ISO/IEC 19792:2009

Security evaluation of biometrics

SCOPE

This International Standard specifies the subjects to be addressed during a security evaluation of a biometric system.
It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).

LATEST PUBLICATION DATE
August 2009
COMMITTEE / WG
WIKI WATCH


  • Submitted by rsreillo on Sat, 07/20/2019 - 23:26

    This standard was created with the objective to address security evaluations of systems which use biometric technology in compliance with Common Criteria (CC). It defines the major requirements to follow, but it neither states a concrete methodology, nor establishes a correspondence between those requirements and the testing activities addressed in the Common Criteria Evaluation Methodology (CEM). As it was published in 2009, it should have gone through a systematic review, in order to enhance the content of the standard, and adapt it to the latest works in CC. But unfortunately, the international community did not consider it necessary to go for such a revision, at least till now. One of the reasons behind this decision may be the fact that trying to reach a generic methodology for all kinds of biometric systems seems to be really tough work. So the strategy is to start focussing on particular scenarios and applications. This can be seen in the revision of ISO/IEC 24745 on Biometric Information Protection (currently on-going), the revision of ISO/IEC 24761 Authentication context for biometrics (close to being finished), the revision of the 3 parts of ISO/IEC 19989 Criteria and methodology for security evaluation of biometric systems (in process), and the future ISO/IEC 27553 Security requirements for authentication using biometrics on mobile devices (still in a very premature stage).


  • Submitted by jbringer on Fri, 09/27/2019 - 09:16

    19792 is one of the key introductions to the various vulnerabilities that may concern a biometric system and gives a first level of guidance to tackle them. More details on the security evaluation methodology are developed in 19989 (on-going).


