Home' RTCA Documents for Review : DO-230H FRAC Contents 37
©2017 RTCA, Inc.
Reference Biometrics Reader
‘Reference’ biometric(s) (fingerprint, iris, palm scan, etc.) may be collected from an Applicant at the
beginning of the credentialing process and used subsequently to authenticate identification at various stages
such as issuance of a badge. This further ensures that the airport credential is provided to the appropriate
Note: This reference biometric need not be the same as the biometric collected for transmission to
the TSA via a DAC. It could be as simple as a facial image with manual comparison. At some
airports with high impersonation rates additional measures may be required.
Airport credential issuers often utilize either high-speed document scanners or flatbed scanners for more
fragile documents to retain images electronically, and to reduce the need to file, safeguard and secure paper
Electronic Signature Pad Systems
Electronic signature pads capture signatures electronically thus eliminating the need for “wet” signatures
Cybersecurity in Credentialing 17
While airport operators are not yet mandated by federal regulation to impose specific cybersecurity
measures with respect to information collected and maintained in the process of identity management, the
issue of cybersecurity is particularly important. Data collected in the credentialing process is clearly
identified as Personally Identifiable Information (PII), and critical systems and PII provide attractive targets
for a range of cyber criminals. PII information provided for credential applications is sensitive, and may
be misused by others if not properly protected.
While in the U.S., federal authority is not controlling, government guidance for appropriately
safeguarding PII is outlined
These federal acts have served as models for subsequent state regulation
and local ordinances and other guidance regarding protection of PII. Specifically, with respect to threats
posed in cyber space, recent federal initiatives may also provide helpful guidance
These resources may help in the design of programs to provide cybersecurity for critical PII. The failure to
secure PII against potential cyber-attack may not only expose airport operators to dangerous security
breaches, but to litigation on the part of individuals whose PII is compromised.
17 See section on cyber section in the Communication section and the Procurement sections of 230F respectively
18 See for example http://www.nist.gov/cyberframework/.
19 E-Government Act of 2002, [Refer: Pub. L. 107–347], and the Privacy Act of 1974, [Refer: Pub. L. 93–579]
20 In February 2013, the President promulgated Executive Order 13636: Improving Critical Infrastructure Cybersecurity [Refer:
https://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity]. In February 2014,
the National Institute for Science and Technology published the Framework for Improving Critical Infrastructure Cybersecurity, (Version1.0) [Refer:
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf]. State laws can apply here, e.g. MA 201
http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf see also CA, NV, others.
Links Archive Navigation Previous Page Next Page