ISO/IEC 19792:2009

ISO/IEC 19792:2009 specifies the subjects to be addressed during a security evaluation of a biometric system.

It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).

ISO/IEC 19792:2009 does not aim to define any concrete methodology for the security evaluation of biometric systems but instead focuses on the principal requirements. As such, the requirements in ISO/IEC 19792:2009 are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme.

ISO/IEC 19792:2009 defines various areas that are important to be considered during a security evaluation of a biometric system.

ISO/IEC 19792:2009 is relevant to both evaluator and developer communities.

• It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system.
• It serves to inform developers of the requirements for biometric security evaluations to help them prepare for security evaluations.

Although ISO/IEC 19792:2009 is independent of any specific evaluation scheme it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into existing evaluation and certification schemes.