Information security — Criteria and methodology for security evaluation of biometric systems — Part 1: Framework

For security evaluation of biometric recognition performance and presentation attack detection for biometric verification systems and biometric identification systems, this document specifies:
- extended security functional components to SFR Classes in ISO/IEC 15408-2;
- supplementary activities to the methodology specified in ISO/IEC 18045 for SAR Classes of ISO/IEC 15408-3.

This document introduces the general framework for the security evaluation of biometric systems, including extended security functional components and supplementary activities to the methodology, which are additional evaluation activities and guidance/recommendations for an evaluator to handle those activities. The supplementary evaluation activities are developed in this document, while the detailed recommendations are developed in ISO/IEC 19989-2 (for biometric recognition aspects) and in ISO/IEC 19989-3 (for presentation attack detection aspects).

This document is applicable only to TOEs for a single biometric characteristic type. However, the selection of a characteristic from multiple characteristics in SFRs is allowed.

Sécurité de l'information — Critères et méthodologie pour l'évaluation de la sécurité des systèmes biométriques — Partie 1: Cadre

General Information

Status: Published
Publication Date: 28-Sep-2020
Current Stage: 9092 - International Standard to be revised
Completion Date: 03-May-2024

Standard
ISO/IEC 19989-1:2020 - Information security -- Criteria and methodology for security evaluation of biometric systems
English language
62 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO/IEC 19989-1
First edition, 2020-09
Information security — Criteria and methodology for security evaluation of biometric systems — Part 1: Framework
Sécurité de l'information — Critères et méthodologie pour l'évaluation de la sécurité des systèmes biométriques — Partie 1: Cadre
Reference number: ISO/IEC 19989-1:2020(E)
© ISO/IEC 2020


COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 General remarks
6 Vulnerabilities in biometric systems and security evaluation
6.1 Categorization of common vulnerabilities of biometric systems
6.2 Biometric system and presentation attack detection
6.3 Categorization of TOEs in relation to the type of evaluation
6.3.1 Biometric recognition performance evaluation
6.3.2 PAD evaluation
7 Extended security functional components to Class FPT: Protection of the TSF
7.1 General
7.2 Presentation attack detection (FPT_PAD)
7.2.1 Family behaviour
7.2.2 Component levelling
7.2.3 Management of FPT_PAD.1
7.2.4 Audit of FPT_PAD.1
7.2.5 FPT_PAD.1 Presentation attack detection
...
