DOD expanding biometrics rules
The Pentagon is considering a new policy that would require all biometrics products to be evaluated using the Common Criteria Scheme
The Pentagon is considering a new policy that would require biometrics products — whether used for physical security or cybersecurity — to be evaluated
using the Common Criteria Scheme.
When acquiring information assurance products, the Defense Department
is required to give preference to products evaluated under the international
Common Criteria Evaluation and Validation Scheme.
Under the Common Criteria Scheme, products are tested by commercial
laboratories accredited by the National Information Assurance Partnership.
The process allows technologies certified in one country to be automatically
approved for government purchase in any of the 13 participating countries.
Even if used for physical security, biometrics products have information
assurance element and should therefore be subjected to thorough evaluation
prior to DOD purchase, said Phillip Loranger, who leads the office of the
Army's director for biometric technology integration and insertion.
The policy was drafted by Loranger's office and delivered Tuesday evening
to the Army chief information officer, after which it is destined for the
desk of Art Money, the Pentagon CIO.
The Army acts as the lead agency in DOD for biometrics systems. Loranger
said the document has been approved by the other services and that he foresees
no hurdles to final approval.
NEXT STORY: EDGAR spiffed up during holiday