Internet of Trust

Title of proposal

Identity management security requirements and risk-based use cases with a focus on biometrics

CRA Standards

Vertical standards for security requirements


What does the work you will carry out for the CYBERSTAND SSP consist of?

We intend to contribute to the definition of use cases based on risk assessment for identity and access management (IAM) and privileged access management (PAM), by providing a risk taxonomy and threat catalog, including biometrics-specific considerations such as presentation attack detection (PAD) and biometric data injection. We will also contribute to the drafting process through technical reviews and participation in comment resolution as the standardization work progresses.

What is the expected result and impact of this activity?

Facilitate the development of specific parts of the standard, in line with best practices in the field, and ensure the overall consistency of the standard.

Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?

We will be working on standardization request No. 16 relating to cybersecurity requirements for identity management systems and privileged access management software and hardware, with a focus on risk assessment and biometrics.

Full Name
Internet of Trust
Country
France
Organisation
Internet of Trust
Standards Development Organisation
Working Groups and Technical Committees
CEN/TC 224 WG 17