
Configure the "Allow the use of biometrics" to organizational standards.


CONTROL ID: 08435
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Configure the "Allow the use of biometrics" setting to "Not Configured". (19D48715-D4F9-4D49-933A-191517FE0DF9, Win8 Computer Security Compliance, 1.0)
  • Configure the "Allow the use of biometrics" setting to "Not Configured". (00903847-C5C2-466F-9D84-EF8BADD440B0, Win8 Computer Security Compliance, 1.0)
  • Title: Configure 'Allow the use of biometrics' Description: If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to log on with bio… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.8_Configure_Allow_the_use_of_biometrics Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.8.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'Allow the use of biometrics' Description: If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to log on with bio… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.8_Configure_Allow_the_use_of_biometrics Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.8.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'Allow the use of biometrics' Description: If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to log on with bio… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.8_Configure_Allow_the_use_of_biometrics Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.8.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'Allow the use of biometrics' Description: If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to log on with bio… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.8_Configure_Allow_the_use_of_biometrics Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.8.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • The "Allow the use of biometrics" machine setting should be configured correctly. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow the use of biometrics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics Parameters: enabled/disabled … (CCE-11545-1, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • Any memorized secret used by the authenticator for activation SHALL be a randomly-chosen numeric secret at least 6 decimal digits in length or other memorized secret meeting the requirements of Section 5.1.1.2 and SHALL be rate limited as specified in Section 5.2.2. A biometric activation factor SHA… (5.1.5.1 ¶ 6, Digital Identity Guidelines: Authentication and Lifecycle Management, NIST SP 800-63B)
  • Biometrics SHALL be used only as part of multi-factor authentication with a physical authenticator (something you have). (5.2.3 ¶ 4, Digital Identity Guidelines: Authentication and Lifecycle Management, NIST SP 800-63B)
  • Previously collected biometric data MAY be reused with the new PIV Card if the expiration date of the new PIV Card is no later than 12 years after the date that the biometric data was obtained. As biometric system error rates generally increase with the time elapsed since initial collection (referen… (2.9.1 ¶ 7, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)