FBI seeks industry input on biometric algorithms for NGI modernization

The scale of the system is one of the most important details in the notice

The Federal Bureau of Investigation (FBI) is surveying the biometrics industry for commercially available algorithms that could support or replace key matching capabilities within the bureau’s Next Generation Identification (NGI) system, one of the largest government repositories of biometric and criminal history information in the world.

The Request for Information (RFI), issued by the FBI’s Criminal Justice Information Services (CJIS) division in Clarksburg, West Virginia, provides a detailed view of the bureau’s continuing effort to assess new biometric matching technology for fingerprints, latent prints, facial recognition, iris recognition, and tattoo recognition, as well as the systems needed to transition and maintain these capabilities inside FBI-approved cloud environments.

CJIS operates NGI as a central biometric and criminal history platform used by federal, state, local, tribal and territorial law enforcement partners.

The FBI says it is looking to scientific advances to improve the “range and quality” of its identification and investigative capabilities.

For biometric vendors, the notice is an early signal that National Institute of Standards and Technology (NIST)-tested performance, secure domestic software handling, GovCloud deployment, FedRAMP High compliance, and the ability to manage massive biometric repositories will be central to any future FBI consideration.

The RFI is the third in a series of FBI market research notices focused on biometric matching algorithms. This latest notice asks vendors to provide information on ownership structure, secure software build facilities, algorithm capabilities, transition plans, scalability, software maintenance, licensing, response times, and accuracy.

A key threshold requirement is participation in National Institute of Standards and Technology (NIST) biometric testing. The FBI says published NIST results will be required for all vendors interested in supplying biometric algorithms to the bureau.

A future vendor notice, expected sometime before the end of this year, will set a deadline for companies to have full working copies of their algorithms submitted for testing.

Algorithms that do not function with the NIST application programming interface by that deadline, or that are submitted after the cutoff, will not be accepted for FBI consideration.

The RFI asks vendors to describe all biometric modalities they offer and specifically identified rolled fingerprints, flat or slap fingerprints, latent fingerprints, facial recognition, iris recognition, and tattoo pattern recognition.

Vendors offering latent services must also provide a web-based latent case management system.

The latent requirement is significant because the FBI is not only asking about matching algorithms, but also about case management functionality used by examiners and investigators.

The RFI says latent services must support the processing and identification of partial or unclear fingerprints typically collected from crime scenes. The required latent case management system must include capabilities such as data management, advanced image processing, biometric search functions, and database administration.

The FBI also requires that all modalities and the latent case management system reside within an FBI-approved GovCloud environment. Biometric algorithms must be able to operate in that environment and meet FedRAMP High certification requirements.

Personnel working on the effort may be required to hold at least a Secret-level clearance.

The scale of the system is one of the most important details in the notice. The FBI asks vendors to explain how they would transition NGI’s biometric repositories to their solution without data loss, including enrollment, validation, and reconciliation of each repository.

Vendors must also explain how they would identify and resolve error records during transfer, including any “force” migration techniques to ensure the accuracy and completeness of the final dataset.

The gallery sizes listed in the RFI show the scope of what any vendor would need to support. The latent repository is listed at 650 million records, with an average of 24,800 electronic biometric transmission specification searches per month.

The fingerprint gallery is listed at 200 million records, with more than 5.2 million average monthly searches.

The face gallery is listed at 175 million records, though with a much smaller average monthly search volume of 4,800.

Rapid Ten Print is listed at 10 million records with 800,000 monthly searches.

The iris gallery is listed at 2 million records with 3,500 monthly searches, and the Unsolved Latent File is also listed at 2 million records, with 5.2 million monthly searches.

Those figures show that the FBI is evaluating technology not merely for accuracy in controlled conditions, but for deployment at national scale.

The bureau asks vendors to describe how their technology, infrastructure, and services would allow NGI to handle more data, users, and complexity while maintaining performance, reliability, and security.

Vendors are also asked to explain whether their systems use modular or flexible architecture that can adapt to future biometric technologies and changing requirements.

The RFI also places considerable emphasis on software supply chain security. Foreign companies responding to the notice must provide a secure facility physically located inside the U.S. for building, compiling, and initial testing of all software components intended for integration into NGI.

The requirement appears designed to reduce the risk that foreign-built or foreign-controlled software could be introduced into one of the federal government’s most sensitive law enforcement identity systems without adequate domestic security controls

The FBI is also asking vendors to disclose their ownership structure, including any foreign ownership concerns involving stakeholders or investors.

That requirement reflects the sensitivity of biometric infrastructure and the growing concern across government about vendor ownership, foreign influence, and the security of software used in critical public-sector systems.

The bureau’s maintenance requirements are similarly demanding. Any software delivered for NGI must support what the FBI calls a “24×7 no fail mission” and be designed and maintained to achieve 99.95 percent uptime.

The bureau also asks vendors to submit benchmark data on response times and accuracy. The requested information includes average, median, and worst-case response times, as well as false match and false non-match rates for rolled fingerprints, flat or slap fingerprints, latent fingerprints, facial recognition, iris recognition, and tattoo pattern recognition.

The FBI specifically points to NIST evaluations or comparable independent testing frameworks as sources of supporting documentation.

The tattoo recognition component is notable because it reflects the FBI’s continued interest in biometric and soft-biometric identifiers beyond traditional fingerprints and faces.

Questions from industry are due by noon Eastern on June 12, with answers expected to be posted through SAM.gov by June 17. Vendor submissions are due by noon Eastern on June 30.

Article Topics

biometric database  |  biometric matching  |  biometrics  |  FBI  |  law enforcement  |  NGI - Next Generation Identification  |  RFI