IA-5(17): Presentation Attack Detection for Biometric Authenticators

Control Family:

Identification and Authentication

Parent Control:

IA-5: Authenticator Management

CSF v1.1 References:

PR.AC-1
PR.AC-6
PR.AC-7

Threats Addressed:

Spoofing
Repudiation

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Employ presentation attack detection mechanisms for biometric-based authentication.

Supplemental Guidance

Biometric characteristics do not constitute secrets. Such characteristics can be obtained by online web accesses, taking a picture of someone with a camera phone to obtain facial images with or without their knowledge, lifting from objects that someone has touched (e.g., a latent fingerprint), or capturing a high-resolution image (e.g., an iris pattern). Presentation attack detection technologies including liveness detection, can mitigate the risk of these types of attacks by making it difficult to produce artifacts intended to defeat the biometric sensor.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5