ISO/IEC CD 19989-1

Information security — Criteria and methodology for security evaluation of biometric systems — Part 1: Framework

Apstrakt

For security evaluation of biometric recognition performance and presentation attack detection for biometric verification systems and biometric identification systems, this document specifies:
—    extended security functional components to SFR Classes in ISO/IEC 15408-2;
—    evaluation activities to methodology specified in ISO/IEC 18045 for SAR Classes of ISO/IEC 15408-3.
This document introduces the general framework for the security evaluation of biometric systems, including extended security functional components, and evaluation activities to methodology, which is additional activities and guidance/recommendations for an evaluator to handle those activities. The evaluation activities are developed in this document while the detailed recommendations are developed in ISO/IEC 19989-2 (for biometric recognition performance aspects) and in ISO/IEC 19989-3 (for presentation attack detection aspects). This document is applicable only to TOEs for single biometric characteristic type. However, the selection of a characteristic from multiple characteristics in SFRs is allowed.