Agencies can adopt a risk-based alternative (RBA) to biometric matching through an approval process that justifies the need for an alternative to the NIST-prescribed IAL2 process and demonstrates comparability through analysis of solution performance.
This white paper provides federal agencies background information on establishing a RBA to biometric matching consistent with NIST Special Publication 800-63-3 Section 5.4 Risk Acceptance and Compensating Controls.
Key takeaways include:
- Clarifying what NIST says about strict adherence to 800-63 IAL2 requirements
- Carving out a path for adopting a risk-based alternative
- The Socure solution