FIDO Accredited Biometric Laboratories

FIDO accredits independent labs to perform biometric evaluations as part of FIDO Alliance’s Biometric Component Certification Program. This page contains a list of the accredited laboratories and further information about the accreditation process.


Accredited Biometric Laboratory List

Click here to load this Caspio Online Database.

FIDO Alliance is accepting applications for Accreditation (see process below); newly accredited laboratories will be added once they are issued an accreditation certificate.


Laboratory Accreditation Process

The full accreditation process and requirements for laboratories is defined in the Biometric Laboratory Accreditation Policy.

The following list provides a high level overview over the accreditation procedure.

  1. As a first step, the candidate lab shall review the FIDO Security Biometric Accreditation Policy and ensure to meet the minimum third-party accreditation requirements (below).
  2. Then, the candidate laboratory may complete the FIDO Accreditation Application Form and submit it to FIDO Alliance’s biometric secretariat.
  3. If the application is approved, an on-boarding call with the biometric certification secretariat will be scheduled
  4. The next step is the core of the accreditation process. FIDO Alliance’s biometric certification secretariat will review the application form submitted by the candidate laboratory and work together with the representative of the laboratory to make sure that the laboratory fulfills all technical and legal requirements.
  5. Eventually, a dedicated training is scheduled with the laboratory. All dedicated biometric testers shall attend the training and have to pass an exam.
  6. The last step of the accreditation process concerns the organizational aspects to set up the laboratory with FIDO Alliance. The laboratory has to pay their accreditation fees and create a FIDO account for approved evaluators.

The following sections provide more information about the requirements that a biometric laboratory has to meet.

Biometric Laboratory Accreditation Requirements

FIDO Alliance’s criteria for biometric laboratories has been developed in a way that facilitates the re-use of pre-existing accreditations.

The requirements for biometric laboratories can be split into: a) general requirements for laboratories (based on ISO/IEC 17025); and, b) requirements on the technical competence of the laboratory.

General requirements

As a baseline, compliance to ISO/IEC 17025 is a prerequisite for all laboratories and can be shown through a third-party accreditation. If no existing accreditation can be used to show the adherence of the laboratory to this baseline standard, the laboratory may decide to either undergo accreditation with its national accreditation body or may also decide to show adherence to the criteria directly to FIDO Alliance in the course of the accreditation process.

Requirements on technical competence

In addition to the requirements from ISO/IEC 17025, the laboratory must show its technical competence in the area of biometric performance testing and PAD testing.

From a technical standpoint, this means that the laboratory shall be able to perform testing in compliance with the following ISO/IEC programs.

Scope Program Area of Accreditation
ISO/IEC 19795-1:2006 (ISOIEC-19795-1) Information Technology Biometric performance testing and reporting-Part 1: Principles and framework
ISO 30107:2007 Information Technology Biometric presentation attack detection — Part 3: Testing and reporting

Competence to test according to the aforementioned standards can either be shown to FIDO in the course of the accreditation or be proven by re-using existing accreditations.

Accreditations from the following programs can be used as evidence:

Program Accreditation Scope URL
NIST NVLAP Biometric Testing
  • 30/BTA Biometrics Testing and Analysis
  • 30/ST Scenario Testing – Human Crew (Laboratory)
  • 30/SLT System Level Testing (Enrollment/Verification)
  • 30/CPST Conformance to Performance Specifications Testing

 

https://www.nist.gov/nvlap/biometrics-testing-lap
Common Criteria Common Criteria Licensed Lab Must meet evaluated an implementation against one of the Protection Profiles listed in the table below. https://www.commoncriteriaportal.org/labs/

In order for a Laboratory to claim Common Criteria (CC) Accreditation as evidence for the Accreditation Application the Laboratory must have performed an evaluation against at least one of the following Protection Profiles, OR provide evidence of using [CAFVM] or [BEAT]. The reason for this additional requirement lays in the fact that the Common Criteria is a very generic standard and a pure accreditation according to Common Criteria does not show any biometric competence of the candidate laboratory.

Common Criteria Protection Profiles:

Protection Profile Version/Date CC Version URL
Biometric Verification  Mechanisms Protection Profile 1.3: 7 August 2008 3.1 Revision 2 https://www.commoncriteriaportal.org/files/ppfiles/pp0043b.pdf
Fingerprint Spoof
Detection Protection Profile
1.7: 27 November 2009 3.1 Revision 2 https://www.commoncriteriaportal.org/files/ppfiles/pp0062b_pdf.pdf
Fingerprint Spoof Detection Protection Profile 1.8: 25 January 2010 3.1 Revision 3 https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/PP/aktuell/PP_0063.html

Laboratory Accreditation Fees

The following fees apply to Laboratory Accreditation:

Fee Type Member Non-Member
Initial Accreditation Fee $11,500 USD $15,000 USD
Yearly Fee $3,800 USD $5,000 USD
Renewal Assessment Fee $11,500 USD $15,000 USD

Initial Accreditation Fee

The Initial Accreditation Fee is due prior to the issuance of the Laboratory Accreditation Certificate.

Yearly Fee

The yearly fee will be due yearly on the Certificate Issuance date. The Yearly Fee does not apply on years where there is a Renewal Assessment Fee.

Renewal Assessment Fee

The Renewal Assessment fee will be due every three years from the Certificate Issuance date. Laboratories are required to complete the Renewal Assessment process prior to the expiration of their Certificate.


Implementer Dashboard

Implementers can Login to view their Dashboard.