Young hacker smiling

We hack your software

zero false positives

Attacking Applications, APIs, Mobile Apps Servers, Networks, IoT Devices
ICS: Industrial Control System
SOC: Security Operations Center

REQ.231 Define biometric verification component

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining mechanisms and components for biometric verification during authentication process.

Requirement

Systems with critical information must define a component for biometric verification during authentication process.

References

  1. HIPAA Security Rules 164.312(d): Person or Entity Authentication: Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

  2. HIPAA Security Rules 164.310(a)(2)(iii): Access Control and Validation Procedures: Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.

  3. OWASP-ASVS v3.1-2.31 Verify that users can enrol and use TOTP verification, two-factor, biometric (Touch ID or similar), or equivalent multi-factor authentication mechanism that provides protection against single factor credential disclosure.


Service status - Terms of Use