International Biometrics Standards
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National Bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity.
In the field of information technology, ISO and IEC have established a Joint Technical Committee 1: ISO/IEC JTC 1 on Information Technology.
ISO/IEC JTC 1 SC 37
Chair: Mr. Fernando Podio (USA)
In June 2002, JTC 1 established a new Subcommittee 37 on Biometrics. The goal of this JTC 1 SC is to ensure a high priority, focused, and comprehensive approach worldwide for the rapid development and approval of formal international biometric standards. These standards are necessary to support the rapid deployment of significantly better, open systems standard-based security solutions for purposes such as homeland defence and the prevention of ID theft.
The JTC 1/SC 37 is responsible for the standardisation of biometric technologies pertaining to human beings to support interoperability and data interchange among applications and systems. There are 6 working groups:
- JTC 1/SC 37/WG 1 Harmonized biometric vocabulary
- JTC 1/SC 37/WG 2 Biometric technical interfaces
- JTC 1/SC 37/WG 3 Biometric data interchange formats
- JTC 1/SC 37/WG 4 Biometric functional architecture and related profiles
- JTC 1/SC 37/WG 5 Biometric testing and reporting
- JTC 1/SC 37/WG 6 Cross-Jurisdictional and Societal Aspects of Biometrics
As at July 2012, there are 79 ISO standards published under the direct responsibility of JTC 1/SC 37. For updates, see link.
Working Groups within SC27
JTC 1/SC 27/WG 1 Requirements, security services and guidelines
JTC 1/SC 27/WG 2 Security techniques and mechanisms
JTC 1/SC 27/WG 3 Security evaluation criteria
JTC 1/SC 27/WG 4 Security controls and services
JTC 1/SC 27/WG 5 Identity management and privacy technologies
Access schedule of SC27 Meetings.
Mr. Richard A. Mabbott (United Kingdom)
Access standards here.
Working Groups within SC17
JTC 1/SC 17/WG 1 Physical characteristics and test methods for ID-cards
JTC 1/SC 17/WG 3 Identification cards - Machine readable travel documents
JTC 1/SC 17/WG 4 Integrated circuit card with contacts
JTC 1/SC 17/WG 5 Registration Management Group (RMG)
JTC 1/SC 17/WG 8 Integrated circuit cards without contacts
JTC 1/SC 17/WG 9 Optical memory cards and devices
JTC 1/SC 17/WG 10 Motor vehicle driver licence and related documents
JTC 1/SC 17/WG 11 Application of biometrics to cards and personal identification
Contact the Biometrics Institute to find out dates for the meetings of these groups.
ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092:2008 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner.
The following are within the scope of ISO 19092:2008:
usage of biometrics for the authentication of employees and persons seeking financial services by:
verification of a claimed identity;
identification of an individual;
validation of credentials presented at enrolment to support authentication as required by risk management;
management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes;
security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality;
application of biometrics for logical and physical access control;
surveillance to protect the financial institution and its customers;
security of the physical hardware used throughout the biometric information life cycle.
ISO 19092:2008 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.
Contact: Mark Lundin, Chair of the ISO subcommittee who developed the standard (subcommittee SC 2, Security management and general banking operations from ISO technical committee ISO/TC 68, Financial services).
International Civil Aviation Organisation (ICAO)
ICAO Publications (including free publications)
Last updated: July 2015