DOD expanding biometrics rules

Common Criteria home page

The Pentagon is considering a new policy that would require biometrics products — whether used for physical security or cybersecurity — to be evaluated

using the Common Criteria Scheme.

When acquiring information assurance products, the Defense Department

is required to give preference to products evaluated under the international

Common Criteria Evaluation and Validation Scheme.

Under the Common Criteria Scheme, products are tested by commercial

laboratories accredited by the National Information Assurance Partnership.

The process allows technologies certified in one country to be automatically

approved for government purchase in any of the 13 participating countries.

Even if used for physical security, biometrics products have information

assurance element and should therefore be subjected to thorough evaluation

prior to DOD purchase, said Phillip Loranger, who leads the office of the

Army's director for biometric technology integration and insertion.

The policy was drafted by Loranger's office and delivered Tuesday evening

to the Army chief information officer, after which it is destined for the

desk of Art Money, the Pentagon CIO.

The Army acts as the lead agency in DOD for biometrics systems. Loranger

said the document has been approved by the other services and that he foresees

no hurdles to final approval.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected