search

usnistgov / FIPS201

Working draft of FIPS 201-3
https://pages.nist.gov/FIPS201/
19 stars 8 forks source link

Clearly define the use of biometric comparison #211

Closed currydm closed 3 years ago

currydm commented 3 years ago

All Fields Are Required

Organization Name (N/A, if individual): NASA

Organization Type (see below for codes): 1 = Federal

Reference (Include section/paragraph or pdf line number): Sec 2.4 Line 600, Sec 2.5 Line 836

Comment (Include rationale for comment): "Biometric" is used throughout the document for the purpose of comparison but only fingerprint biometric comparisons are ever detailed as an option (line 600). If the intention is to only allow fingerprint biometric comparison, that needs to be expressely stated. If the intention is to allow fingerprint, iris, or facial image biometric comparison (line 636) that needs to be explained.

Suggested Change: Clearly define the use of biometric comparison to either be limited to fingerprint biometric comparison or to allow comparison of all other biometrics (iris, facial image). Recommend allowing comparison of all biometric types captured during enrollments when a biometric comparison is needed.

Organization Type: 1 = Federal, 2 = Industry, 3 = Academia, 4 = Self, 5 = Other

hferraio commented 3 years ago

Suggest to decline as topic is well covered. Use for other type of biometrics (iris, facial recognition) is documented in detail in the next section.

It also states that fingerprints provide an interoperable authentication mechanism through off-card comparison and is the primary means for PIV issuance and maintenance. (line 613-616).

gfiumara commented 3 years ago

See also #514.

regenscheid commented 3 years ago

In Section 2.3, we intended to require comparing against the fingerprints taken for the background investigation. However, in other areas, biometric comparison was intended to include other biometrics. We were explicit about this in line 836. We could clarify line 636 to include that same language from line 836 that described using other optional biometrics.

jglosx3 commented 3 years ago

Accept in Principle - Updated text in Section 2.3, clarifies that fingerprints are the only allowed biometric for linking to background investigations. Additional biometrics may be used for other verifications if available.