NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-5(12) Biometric Authentication Performance

For biometric-based authentication, employ mechanisms that satisfy the following biometric quality requirements [Assignment: organization-defined biometric quality requirements].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Unlike password-based authentication, which provides exact matches of user-input passwords to stored passwords, biometric authentication does not provide exact matches. Depending on the type of biometric and the type of collection mechanism, there is likely to be some divergence from the presented biometric and the stored biometric that serves as the basis for comparison. Matching performance is the rate at which a biometric algorithm correctly results in a match for a genuine user and rejects other users. Biometric performance requirements include the match rate, which reflects the accuracy of the biometric matching algorithm used by a system.

Practitioner Notes

This enhancement specifies requirements for biometric authentication performance — biometrics must meet defined accuracy thresholds to be acceptable.

Example 1: If using Windows Hello facial recognition, verify that the cameras meet Microsoft's anti-spoofing requirements and the system achieves the false acceptance rates specified by your organization.

Example 2: For fingerprint readers, select devices that meet FBI PIV standards for false acceptance rate (FAR) and false rejection rate (FRR) to ensure reliable authentication.
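The supplemental guidance and both examples come down to the same acceptance test: at the matcher's decision threshold, the measured false acceptance rate (FAR) and false rejection rate (FRR) must stay within the organization-defined limits. The following is an added illustration, not part of the NIST text or any vendor's tooling; the match scores and the limits are constructed sample values, and `BiometricRequirement` is a hypothetical container for the control's assignment parameter.

```python
from dataclasses import dataclass
from typing import Sequence


@dataclass(frozen=True)
class BiometricRequirement:
    """Organization-defined biometric quality requirements (the IA-5(12) ODP).
    Limits are stated as rates in [0, 1]; the values used below are constructed."""
    max_far: float  # highest tolerable false acceptance rate
    max_frr: float  # highest tolerable false rejection rate


# Constructed similarity scores from a bench test of one matcher (higher = closer).
# GENUINE: each user compared against their own enrolled template.
# IMPOSTOR: users compared against other users' templates.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.90, 0.79, 0.86, 0.93, 0.64]
IMPOSTOR = [0.12, 0.35, 0.41, 0.58, 0.22, 0.30, 0.47, 0.66, 0.18, 0.25]


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> tuple[float, float]:
    """FAR and FRR of the matcher when scores >= threshold are accepted."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def meets_requirement(genuine: Sequence[float], impostor: Sequence[float],
                      threshold: float, req: BiometricRequirement) -> bool:
    """True if the configured threshold satisfies both organizational limits."""
    far, frr = error_rates(genuine, impostor, threshold)
    return far <= req.max_far and frr <= req.max_frr


def acceptable_thresholds(genuine: Sequence[float], impostor: Sequence[float],
                          req: BiometricRequirement) -> list[float]:
    """Every observed score at which the matcher satisfies the requirement.
    An empty list means no threshold setting can make this device compliant."""
    candidates = sorted(set(genuine) | set(impostor))
    return [t for t in candidates if meets_requirement(genuine, impostor, t, req)]


if __name__ == "__main__":
    for req in (BiometricRequirement(0.1, 0.1), BiometricRequirement(0.0, 0.1),
                BiometricRequirement(0.0, 0.05)):
        print(req, "->", acceptable_thresholds(GENUINE, IMPOSTOR, req))
```

Lowering the threshold trades FRR for FAR and vice versa, so the evidence to keep for this enhancement is the FAR/FRR pair at the threshold actually deployed, not a vendor's headline figure measured at a different operating point.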