ISO 19092#Unpublished Part 2
{{Short description|ISO standard}}
{{Use British English Oxford spelling|date=January 2012}}
ISO 19092 Financial Services - Biometrics, released as ISO 19092 Financial Services - Biometrics - Part 1: Security framework, is an ISO standard and describes the adequate information management security controls and the proper procedures for using biometrics as an authentication mechanism for secure remote electronic access or local physical access controls for the financial and other critical infrastructure industries.Bidgoli, Hossein. [https://books.google.com/books?id=0RfANAwOUdIC&pg=PA497 Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection, and Management]. Germany, Wiley, 2006. 497.
The standard also provides a useful tutorial on biometric systems and technology, describes the physical security requirements of biometric devices, the minimal content for Biometric Policy (BP) and Biometric Practice Statements (BPS), and secure event journal content for review and audit of biometric systems.
Unpublished Part 2
There was to be an ISO 19092 Financial Services - Biometrics - Part 2: Message syntax and cryptographic requirements to describes the techniques, protocols, cryptographic requirements, and syntax for using biometrics as an identification and verification mechanism in a wide variety of security applications in the financial industry.{{Cite web |title=ISO 19092:2008 |url=https://www.iso.org/obp/ui/#iso:std:iso:19092:ed-1:v1:en |access-date=2023-11-10 |website=ISO}}{{Cite web |title=iTeh Standards |url=https://standards.iteh.ai/catalog/standards/iso/9a3361ee-4092-4b94-838e-9e14426ce2a7/iso-19092-2008 |access-date=2023-11-10 |website=iTeh Standards |language=en}} However, consensus was never reached on this part.{{cite web |title=ISO 19092:2008(en) |url=https://www.iso.org/obp/ui/#iso:std:iso:19092:ed-1:v1:en |website=www.iso.org |access-date=25 August 2024}}
The standard was to provide support for policy based matching decisions for remote authentication and allows biometrics to be used securely with the ISO 8583 retail transaction messaging standard.{{Cite web |last=Woodward, Jr. |first=John |date=2004-09-10 |title=Department of Defense Biometric Standards Development Recommended Approach |url=https://www.hsdl.org/c/view?docid=449571 |website=hsdl.org}} A secure review and audit event journal syntax was to allow many of the security controls specified in Part 1 to be implemented.{{Cite web |last=Lundin |first=Mark |date=2005-10-20 |title=IT and Security Standards A Practical Approach to Implementation |url=http://www.sfisaca.org/download/KPMG-ISACA-SF-Standards_Lundin_10-20-05.pdf |website=sfiasca.org}}