19-01-2012, 02:46 PM
BIOMETRICS SECURITY TECHNICAL IMPLEMENTATION GUIDE
biometrics-stig-v1r2.txt (Size: 67.88 KB / Downloads: 42)
Historically, biometrics has been relegated to a single method (fingerprinting). However, in the
last two to three years, new biometric methods and technologies have been developed that lower
cost and increase usability. Companies developing new methods number in the hundreds and
their methods continue to evolve as the technology advances. The availability, effectiveness, and
affordability of biometric technology continues to progress as the demand for authentication has
increased. This increased interest is driven by an exploding problem with identity theft and
computer fraud coupled with the increased use of remote connectivity methods, such as, Internet
access.
1.2 Authority
DOD Directive 8500.1 requires that “all IA and IA-enabled IT products incorporated into DOD
information systems shall be configured in accordance with DOD-approved security
configuration guidelines” and tasks DISA to “develop and provide security configuration
guidance for IA and IA-enabled IT products in coordination with Director, NSA.” This
document is provided under the authority of DOD Directive 8500.1.
1.3 Scope
This document is a requirement for all DOD administered systems and all systems connected to
DOD networks. These requirements are designed to assist Security Managers (SMs),
Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System
Administrators (SAs) with configuring and maintaining security controls.
1.4 Writing Conventions
Throughout this document, statements are written using words such as “will” and “should.” The
following paragraphs are intended to clarify how these STIG statements are to be interpreted.