scope:

This Standard specifies the minimum security requirements for effective management of biometric data. Within the scope of this Standard the following topics are addressed: Security for the collection, distribution, and processing, of biometric data, encompassing data integrity, authenticity, and non-repudiation; Management of biometric data across its life cycle comprised of the enrollment, transmission and storage, verification, identification, and termination processes; Usage of biometric technology, including one-to-one and one-to-many matching, for the identification and authentication of banking customers and employees; Application of biometric technology for internal and external, as well as logical and physical access control; Encapsulation of biometric data; Techniques for the secure transmission and storage of biometric data; Security of the physical hardware used throughout the biometric data life cycle; Techniques for integrity and privacy protection of biometric data.