Supervised Identity Proofing - Biometrics, v3.0
The requirements for biometric collect for supervised identity proofing.
Assessment Steps (3)
|
1
Review Biometric (ReviewBiometric)
Does the supervisor for remote or in-person identity proofing review the biometric sources before the biometric is collected?
Artifact
Documentation
Provide policies, practices, or existing security audit reports indicating conformance.
|
|
2
Applicant Only Biometrics (ApplicantOnlyBiometrics)
Does the supervisor for remote or in-person identity proofing use technology or procedures to ensure the biometric samples are taken from the applicant and not another person or source?
|
|
3
Biometric Tech (BiometricTech)
TBD - Probably is just another TD or TIP.
|
Conformance Criteria (3)
|
Review Biometric
If the CSP provides Supervised (Remote or In-person) proofing it SHALL document and apply technologies and procedures which ensure that the Proofing Supervisor reviews the biometric source (e.g., fingers, face) for presence of non-natural materials and perform such inspections as part of the proofing process.
Citation
SP800-63A
Section 5.3.3.1 P1
|
|
Applicant Only Biometrics
If the CSP provides Supervised (Remote or In-person) proofing it SHALL document and apply technologies and procedures such that the Proofing Supervisor SHALL ensure that biometric samples are taken from the Applicant themselves and not from another person.
Citation
SP800-63A
Section 5.3.3.1 P2
|
|
Biometric Tech
If the CSP provides Supervised (Remote or In-person) proofing it SHALL ensure that the technologies and procedures applied by the Proofing Supervisor fulfill the biometric performance requirements expressed in 63A#0620 to 63A#0680 inclusive.
Citation
SP800-63A
Section 5.3.3.1 P2
|