NIST readies new standards for biometric ID cards


Federal agencies looking to incorporate iris recognition authentication add-on capabilities to their Personal Identity Verification cards will soon get some expert help from the National Institute of Standards and Technology.

In July, NIST is set to release a key biometric reference that federal and federal contractors can use to develop identification cards under the Federal Information Processing Standard 201 (FIPS-201), Personal Identity Verification.

Charles Romine, director of NIST’s Information Technology Lab, in an email to FCW, provided some of the details that will be contained in the Special Publication 800-76-2, Biometric Data Specification for Personal Identity Verification.

The document has been eagerly awaited by lawmakers and federal agencies hungry for technical guidance on how to incorporate more-secure biometric identifiers on official identification credentials.

NIST’s development work on the document came under heavy criticism during a June 19 hearing by the House Oversight and Government Reform Committee's Subcommittee on Government Operations on biometric identification cards. Subcommittee Chairman John Mica (R-Fla.) and subcommittee Ranking Minority Member Gerry Connolly (D-Va.) lamented the lack of technical guidance for federal agencies in developing identification documents that incorporated iris and fingerprint biometric information. They railed against Romine’s predecessor, former information technology lab director Cita Furlani, who promised the committee that the same iris recognition/fingerprint biometric guidance would be available more than a year ago, but then retired without providing it.

At the latest June hearing, Romine told lawmakers the institute would release the biometric reference within 30 days.

The document, developed in conjunction with federal agencies, industry and industry stakeholders, extends biometric specifications of an initial 2007 edition release, said Romine.

Romine said NIST SP 800-76-2 will include specifications for federal agencies to use iris recognition as an optional add-on for authentication of their PIV cardholders. It will describe technical acquisition and formatting specifications for the biometric credentials of the PIV system, including the PIV Card itself, he said. It also details procedures and formats for fingerprints, iris and facial images.

Specific enhancements in the 2013 edition include the adoption of a specialized compact and formally standardized iris image format to provide agencies with another option for authenticating PIV cardholders.

The iris specifications in NIST SP 800-76-2, he said, are based on specialized iris image format requirements for compact storage in the international standard, ISO/IEC 19794-6:2011.

Additionally, images of one or both eyes may be placed on the card – each image size will have size of no more than 3 kilobytes per eye which supports compact on-card storage and fast reading times, he said. The document also includes performance specifications for iris biometrics to ensure accuracy, and provide guidance on iris camera selection by providing specifications. The standards-based elements specifications support interoperable authentication within and across agencies that may choose to use iris recognition. The fingerprint on-card comparison, said Romine, allows activation of PIV cards without entering a PIN. While not required, he said, agencies can use this technology at their option.

Note: This article was updated on July 1 to correct the misidentification of NIST's former information technology lab director Cita Furlani.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Elections
    voting security

    'Unprecedented' challenges to safe, secure 2020 vote

    Our election infrastructure is bending under the stress of multiple crises. Administrators say they are doing all they can to ensure it doesn't break.

  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.