The Department of Defense’s Office of Inspector General released a report evaluating the DOD’s control and accountability over biometric devices that collect, store and transmit biometric data.
The report revealed that military services and combatant commands complied with DOD policy and their guidance and procedures for biometric devices but found that some devices could not encrypt data because the DOD does not specify information security standards or require encryption on the biometric technologies, the DOD OIG said Thursday.
To address the issue, the inspector general recommended that the undersecretary of defense for intelligence and security add data encryption standards to the DOD biometrics policy.
Biometric devices covered in the report include secure electronic enrollment kits, biometric automated toolsets, Javelin, Biosled and handheld interagency identity detection equipment.
“Improving DOD-wide standards for encryption and data protection requirements for biometric devices would help to reduce the risks of inadvertent release of such sensitive information,” said DOD Inspector General Robert Storch.