The International Organization for Standardization (ISO) has published a new standards series focused on biometric security. The series of standards ISO/IEC 19989, Information security – Criteria and methodology for security evaluation of biometric systems, helps to ensure consumers are protected from presentation attacks, where an attempt to subvert the system security policy is made by presenting natural biometric characteristics or artifacts holding copied or faked characteristics. This series provides a bridge between ISO/IEC 19792, which defines the evaluation principles for biometric products and systems, and the ISO/IEC 15408 series and ISO/IEC 18045, which define the criteria and methodology requirements for security evaluation.
ISO/IEC 19989-1, Information security – Criteria and methodology for security evaluation of biometric systems – Part 1: Framework, sets the general framework for the security evaluation of biometric systems, including extended security functional components, and supplementary activities to methodology.
ISO/IEC 19989-2, Information security – Criteria and methodology for security evaluation of biometric systems – Part 2: Biometric recognition performance, provides requirements and recommendations to the developer and the evaluator of biometric systems for the supplementary activities on biometric recognition performance specified in ISO/IEC 19989-1.
ISO/IEC 19989-3, Information security – Criteria and methodology for security evaluation of biometric systems – Part 3: Presentation attack detection, is dedicated to security evaluation of presentation attack detection applying the ISO/IEC 15408 series. It provides recommendations and requirements to the developer and the evaluator for the supplementary activities on presentation attack detection specified in ISO/IEC 19989-1.
The ISO/IEC 19989 series was developed by subcommittee SC 27, Information security, cybersecurity and privacy protection, of joint technical committee ISO/IEC JTC 1, the information technology arm of ISO and the International Electrotechnical Commission (IEC). The secretariat of SC 27 is held by DIN, ISO’s member for Germany.
All of these standards can be purchased from your national ISO member or the ISO Store.
