This document specifies general principles, requirements and guidance for a security evaluation of a biometric system. This document provides an overview of the main biometric-specific aspects, i.e. recognition performance, presentation attack detection and privacy, and specifies principles to consider for the security evaluation of a biometric system. This document does not address the non-biometric aspects which can form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).