ISO/IEC 19792:2009
Superseded
A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.
Information technology — Security techniques — Security evaluation of biometrics
Hardcopy, PDF
English
30-07-2009
25-06-2025
ISO/IEC 19792:2009 specifies the subjects to be addressed during a security evaluation of a biometric system.
It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).
ISO/IEC 19792:2009 does not aim to define any concrete methodology for the security evaluation of biometric systems but instead focuses on the principal requirements. As such, the requirements in ISO/IEC 19792:2009 are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme.
ISO/IEC 19792:2009 defines various areas that are important to be considered during a security evaluation of a biometric system.
ISO/IEC 19792:2009 is relevant to both evaluator and developer communities.
- It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system.
- It serves to inform developers of the requirements for biometric security evaluations to help them prepare for security evaluations.
Although ISO/IEC 19792:2009 is independent of any specific evaluation scheme, it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into existing evaluation and certification schemes.
| Committee | ISO/IEC JTC 1/SC 27 |
| DocumentType | Standard |
| Pages | 37 |
| PublisherName | International Organization for Standardization |
| Status | Superseded |
| SupersededBy | |

| Standards | Relationship |
| IS/ISO/IEC 19792 : 2009 | Identical |
| INCITS/ISO/IEC 19792 : 2012 | Identical |
| NEN ISO/IEC 19792 : 2009 | Identical |
| BS ISO/IEC 19792:2009 | Identical |
| DS ISO/IEC 19792 : 2009 | Identical |
| INCITS/ISO/IEC 19792:2009(R2022) | Identical |
| 18/30361485 DC : 0 | BS ISO/IEC 19896-3 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - COMPETENCE REQUIREMENTS FOR INFORMATION SECURITY TESTERS AND EVALUATORS - PART 3: KNOWLEDGE, SKILLS AND EFFECTIVENESS REQUIREMENTS FOR ISO/IEC 15408 EVALUATORS |
| BS ISO/IEC 30107-3:2017 | Information technology. Biometric presentation attack detection Testing and reporting |
| BS ISO/IEC 17922:2017 | Information technology. Security techniques. Telebiometric authentication framework using biometric hardware security module |
| 17/30331331 DC : DRAFT MAY 2017 | BS ISO/IEC 30136 - INFORMATION TECHNOLOGY - PERFORMANCE TESTING OF BIOMETRIC TEMPLATE PROTECTION SCHEMES |
| INCITS/ISO/IEC 29115 : 2014 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENTITY AUTHENTICATION ASSURANCE FRAMEWORK |
| ISO/IEC 30107-3:2017 | Information technology — Biometric presentation attack detection — Part 3: Testing and reporting |
| BS ISO/IEC 24761:2009 | Information technology. Security techniques. Authentication context for biometrics |
| BS ISO/IEC 29115:2013 | Information technology. Security techniques. Entity authentication assurance framework |
| BS ISO/IEC 24745:2011 | Information technology. Security techniques. Biometric information protection |
| 16/30266969 DC : 0 | BS ISO/IEC 17922 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TELEBIOMETRIC AUTHENTICATION FRAMEWORK USING BIOMETRIC HARDWARE SECURITY MODULE |
| BS ISO/IEC 30136:2018 | Information technology. Performance testing of biometric template protection schemes |
| 10/30136309 DC : 0 | BS ISO/IEC 24745 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - BIOMETRIC INFORMATION PROTECTION |
| 15/30255471 DC : 0 | BS ISO/IEC 30107-1 - INFORMATION TECHNOLOGY - BIOMETRICS PRESENTATION ATTACK - PART 1: FRAMEWORK |
| 12/30168696 DC : 0 | BS ISO/IEC 29115 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ENTITY AUTHENTICATION ASSURANCE FRAMEWORK |
| ISO/IEC 30136:2018 | Information technology — Performance testing of biometric template protection schemes |
| ISO/IEC 24761:2009 | Information technology — Security techniques — Authentication context for biometrics |
| 07/30143287 DC : 0 | BS ISO/IEC 24761 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - AUTHENTICATION CONTEXT FOR BIOMETRICS |
| INCITS/ISO/IEC 24761 : 2009(R2014) | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - AUTHENTICATION CONTEXT FOR BIOMETRICS |
| ISO/IEC 29115:2013 | Information technology — Security techniques — Entity authentication assurance framework |
| 16/30329605 DC : 0 | BS ISO/IEC 30107-3 - INFORMATION TECHNOLOGY - BIOMETRIC PRESENTATION ATTACK DETECTION - PART 3: TESTING AND REPORTING |
| INCITS/ISO/IEC 24745 : 2012(R2017) | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - BIOMETRIC INFORMATION PROTECTION |
| ISO/IEC 17922:2017 | Information technology — Security techniques — Telebiometric authentication framework using biometric hardware security module |
| ISO/IEC TR 30117:2014 | Information technology — Guide to on-card biometric comparison standards and applications |
| ISO/IEC 24745:2011 | Information technology — Security techniques — Biometric information protection |
| INCITS/ISO/IEC 19896-3:2018(R2019) | IT security techniques -- Competence requirements for information security testers and evaluators -- Part 3: Knowledge, skills and effectiveness requirements for ISO/IEC 15408 evaluators |
| INCITS/ISO/IEC 29115:2013[R2019] | Information technology - Security techniques - Entity authentication assurance framework |
| INCITS/ISO/IEC 30107-3:2023(2024) | Information technology — Biometric presentation attack detection — Part 3: Testing and reporting |
| ISO/IEC 24713-1:2008 | Information technology — Biometric profiles for interoperability and data interchange — Part 1: Overview of biometric systems and biometric profiles |
| ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
| ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
| ISO/IEC 19795-1:2006 | Information technology — Biometric performance testing and reporting — Part 1: Principles and framework |
| ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |