NIST readies new standards for biometric ID cards


Federal agencies looking to incorporate iris recognition authentication add-on capabilities to their Personal Identity Verification cards will soon get some expert help from the National Institute of Standards and Technology.

In July, NIST is set to release a key biometric reference that federal and federal contractors can use to develop identification cards under the Federal Information Processing Standard 201 (FIPS-201), Personal Identity Verification.

Charles Romine, director of NIST’s Information Technology Lab, in an email to FCW, provided some of the details that will be contained in the Special Publication 800-76-2, Biometric Data Specification for Personal Identity Verification.

The document has been eagerly awaited by lawmakers and federal agencies hungry for technical guidance on how to incorporate more-secure biometric identifiers on official identification credentials.

NIST’s development work on the document came under heavy criticism during a June 19 hearing by the House Oversight and Government Reform Committee's Subcommittee on Government Operations on biometric identification cards. Subcommittee Chairman John Mica (R-Fla.) and subcommittee Ranking Minority Member Gerry Connolly (D-Va.) lamented the lack of technical guidance for federal agencies in developing identification documents that incorporated iris and fingerprint biometric information. They railed against Romine’s predecessor, former information technology lab director Cita Furlani, who promised the committee that the same iris recognition/fingerprint biometric guidance would be available more than a year ago, but then retired without providing it.

At the latest June hearing, Romine told lawmakers the institute would release the biometric reference within 30 days.

The document, developed in conjunction with federal agencies, industry and industry stakeholders, extends biometric specifications of an initial 2007 edition release, said Romine.

Romine said NIST SP 800-76-2 will include specifications for federal agencies to use iris recognition as an optional add-on for authentication of their PIV cardholders. It will describe technical acquisition and formatting specifications for the biometric credentials of the PIV system, including the PIV Card itself, he said. It also details procedures and formats for fingerprints, iris and facial images.

Specific enhancements in the 2013 edition include the adoption of a specialized compact and formally standardized iris image format to provide agencies with another option for authenticating PIV cardholders.

The iris specifications in NIST SP 800-76-2, he said, are based on specialized iris image format requirements for compact storage in the international standard, ISO/IEC 19794-6:2011.

Additionally, images of one or both eyes may be placed on the card – each image size will have size of no more than 3 kilobytes per eye which supports compact on-card storage and fast reading times, he said. The document also includes performance specifications for iris biometrics to ensure accuracy, and provide guidance on iris camera selection by providing specifications. The standards-based elements specifications support interoperable authentication within and across agencies that may choose to use iris recognition. The fingerprint on-card comparison, said Romine, allows activation of PIV cards without entering a PIN. While not required, he said, agencies can use this technology at their option.

Note: This article was updated on July 1 to correct the misidentification of NIST's former information technology lab director Cita Furlani.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Mon, Jul 1, 2013

I have eye issues already, I wonder what a continuous bombarding of my eye with the light required to read the iris print will do in the long term to the eye. After all, laser workers have to use glasses while using lased light to prevent eye damage even from indirect lased light, this is putting it right into the eye.

Mon, Jul 1, 2013

These standards are good... but let's not fool ourselves into thinking that PIV-stored biometric data really adds another full factor of authenitication. PKI and soon this iris data is still held physically with a card pown'd by a not-yet-authenticated actor. Only if the iris-scan's data (or hash) is sent to and confirmed by the remote service could it be considered another, full factor of authentication.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group