DoD Urged to Enforce Biometric Standards

GAO: Army Biometrics Collection Device Fails to Meet Standards
DoD Urged to Enforce Biometric Standards
Though the Defense Department has adopted standards for the collection of biometric information to help share the authentication information among agencies, one collection device mostly used by the Army does not meet those DoD standards, the GAO said in an audit published Monday.

As a result, the Government Accountability Office said, DoD isn't able to automatically transmit biometric information it collects to other agencies, such as the FBI. This can pose problems because the non-standardized Army collection device is responsible for 13 percent of the records maintained by DoD, the largest number of submissions collected by a handheld device, GAO said. This represents some 630,000 DoD biometric records that cannot be searched automatically against FBI's database of about 94 million records.

"Without efforts to address these issues, the quality and process of collecting and sharing biometrics may continue to limit DoD's ability to identify potential criminals or terrorists who have biometric records in other federal agency's biometric systems in a timely manner, and ultimately these challenges to interoperability may place U.S. national security at greater risk," Davi D'Agostino, GAO director of defense capabilities and management, said in the audit.

GAO said DoD hasn't taken specific actions that would likely improve its adherence to standards, all of which are based on criteria from the Standard for Program Management, the National Science and Technology Council, and the Office of Management and Budget guidance. D'Agostino said DoD doesn't have an effective process, procedure or timeline for implementing updated standards. She said DoD also doesn't routinely test at sufficient levels of detail for conformance to these standards. In addition, the auditor said, DoD hasn't fully defined roles and responsibilities specifying accountability needed to ensure its collection devices meet new and updated standards, D'Agostino said.

GAO said DoD has agreements in place with key federal agencies such as the Justice Department to help facilitate direct connectivity between their biometric systems, but it hasn't finalized an agreement with DHS and by extension the State Department. "Agencies have expressed concern that DoD's biometric system may be unable to meet the search demands from their own biometric systems within useful response time frames," D'Agostino said.

Among GAO's recommendations, implement processes to update collection devices to adopt biometrics standards and test collection devices to ensure they meet DoD standards. GAO also recommended that DoD identify its long-term biometric system capability needs, including the technological capacity and associated costs needed to support the warfighter and to promote sharing of biometric information across federal agencies. DoD concurred with the recommendations.

* * *

Also see:

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.