Source: ISO News (www.iso.org)

A new series of International Standards has just been published.

An effective means of verifying identification, the use of biometrics is increasingly widespread and ensuring its security is, therefore, essential.

Threats to biometric systems can come in the form of presentation attacks, where an attempt to subvert the system security policy is made by presenting natural biometric characteristics or artefacts holding copied or faked characteristics.

The series of standards ISO/IEC 19989, Information security – Criteria and methodology for security evaluation of biometric systems, has just been published to help ensure they are protected from such attacks. This series provides a bridge between ISO/IEC 19792, which defines the evaluation principles for biometric products and systems, and the ISO/IEC 15408 series and ISO/IEC 18045, which define the criteria and methodology requirements for security evaluation.

ISO/IEC 19989-1, Information security – Criteria and methodology for security evaluation of biometric systems – Part 1: Framework, sets the general framework for the security evaluation of biometric systems, including extended security functional components, and supplementary activities to methodology.

ISO/IEC 19989-2, Information security – Criteria and methodology for security evaluation of biometric systems – Part 2: Biometric recognition performance, provides requirements and recommendations to the developer and the evaluator of biometric systems for the supplementary activities on biometric recognition performance specified in ISO/IEC 19989-1.

ISO/IEC 19989-3, Information security – Criteria and methodology for security evaluation of biometric systems – Part 3: Presentation attack detection, is dedicated to security evaluation of presentation attack detection applying the ISO/IEC 15408 series. It provides recommendations and requirements to the developer and the evaluator for the supplementary activities on presentation attack detection specified in ISO/IEC 19989-1.

The ISO/IEC 19989 series was developed by subcommittee SC 27, Information security, cybersecurity and privacy protection, of joint technical committee ISO/IEC JTC 1, the information technology arm of ISO and the International Electrotechnical Commission (IEC). The secretariat of SC 27 is held by DIN, ISO’s member for Germany.

All of these standards can be purchased from your national ISO member or the ISO Store.

Contact ISO

International Organization for Standardization
ISO Central Secretariat
1, ch. de la Voie-Creuse
CP 56 - CH-1211 Geneva 20
Switzerland

E-mail:   This email address is being protected from spambots. You need JavaScript enabled to view it.
Tel. :   +41 22 749 01 11
Fax :   +41 22 733 34 30

Contact BPS – The Philippines’ member to ISO

Bureau of Philippine Standards (BPS)

Department of Trade and Industry

3F Trade and Industry Bldg., 361 Sen. Gil Puyat Ave.,

Makati City, Philippines

T/ (632) 751.4736; 507.7307 F/ (632) 751.4748; E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.