IA-5(17): Presentation Attack Detection for Biometric Authenticators

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

Employ presentation attack detection mechanisms for biometric-based authentication.

Supplemental Guidance

Biometric characteristics do not constitute secrets. Such characteristics can be obtained by online web accesses, taking a picture of someone with a camera phone to obtain facial images with or without their knowledge, lifting from objects that someone has touched (e.g., a latent fingerprint), or capturing a high-resolution image (e.g., an iris pattern). Presentation attack detection technologies including liveness detection, can mitigate the risk of these types of attacks by making it difficult to produce artifacts intended to defeat the biometric sensor.