DOD expanding biometrics rules

Common Criteria home page

The Pentagon is considering a new policy that would require biometrics products — whether used for physical security or cybersecurity — to be evaluated

using the Common Criteria Scheme.

When acquiring information assurance products, the Defense Department

is required to give preference to products evaluated under the international

Common Criteria Evaluation and Validation Scheme.

Under the Common Criteria Scheme, products are tested by commercial

laboratories accredited by the National Information Assurance Partnership.

The process allows technologies certified in one country to be automatically

approved for government purchase in any of the 13 participating countries.

Even if used for physical security, biometrics products have information

assurance element and should therefore be subjected to thorough evaluation

prior to DOD purchase, said Phillip Loranger, who leads the office of the

Army's director for biometric technology integration and insertion.

The policy was drafted by Loranger's office and delivered Tuesday evening

to the Army chief information officer, after which it is destined for the

desk of Art Money, the Pentagon CIO.

The Army acts as the lead agency in DOD for biometrics systems. Loranger

said the document has been approved by the other services and that he foresees

no hurdles to final approval.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.