ISO/IEC DIS 19792

Information security, cybersecurity and privacy protection — General principles of security evaluation of biometric systems

General information

40.60 Close of voting   Sep 28, 2024

ISO/IEC

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection

International Standard

35.030   IT Security

Scope

ISO/IEC 19792:2009 specifies the subjects to be addressed during a security evaluation of a biometric system.
It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).
ISO/IEC 19792:2009 does not aim to define any concrete methodology for the security evaluation of biometric systems but instead focuses on the principal requirements. As such, the requirements in ISO/IEC 19792:2009 are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme.
ISO/IEC 19792:2009 defines various areas that are important to be considered during a security evaluation of a biometric system.
ISO/IEC 19792:2009 is relevant to both evaluator and developer communities.

It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system.
It serves to inform developers of the requirements for biometric security evaluations to help them prepare for security evaluations.

Although ISO/IEC 19792:2009 is independent of any specific evaluation scheme it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into existing evaluation and certification schemes.

Life cycle

PREVIOUSLY

PUBLISHED
ISO/IEC 19792:2009

NOW

IN_DEVELOPMENT
ISO/IEC DIS 19792
40.60 Close of voting
Sep 28, 2024