Tag: NIST

Raising the security bar for critical infrastructure: Breaking down CISA’s new Cybersecurity Performance Goals 2.0
The Cybersecurity & Infrastructure Security Agency (CISA) recently released an updated version of its Cross-Sector Cybersecurity Performance Goals (CPG 2.0), marking a significant shift toward a more resilient national cyber posture. By aligning these goals with the NIST Cybersecurity Framework 2.0, CISA is providing critical infrastructure organizations such as energy, financial services, IT, healthcare, government […]
Tags: CISA NIST

FIPS certified vs. FIPS compliant: What’s the real difference?
“Is your MFA solution FIPS compliant, or is it certified?” This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]
Tags: FIPS NIST

Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeys
In just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]
Tags: NIST PCI DSS PCI DSS 4.0

Yubico submits YubiKey 5 FIPS Series for FIPS 140-3 validation
We’re excited to share that the YubiKey 5 FIPS Series latest 5.7 firmware has completed testing by our NIST accredited testing lab, and has been submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-3 validation, Overall Level 2 and Physical Level 3. This marks a significant milestone in our ongoing commitment to providing […]
Tags: FIPS NIST YubiKey 5.7 YubiKey FIPS Series

Adapting to new cybersecurity regulations and addressing evolving threats within financial services
In late 2023, the U.S. subsidiary of the Industrial and Commercial Bank of China was hit with ransomware, creating a ripple effect across the U.S. Treasury market. In February 2024, Bank of America reported a breach impacting 57,000 account holders related to a compromise with a third-party software provider. And as recently as June, a […]
Tags: financial services NIST PCI DSS phishing-resistant MFA

New NIST guidance on passkeys: Key takeaways for enterprises
NIST recently released an update to SP800-63B to provide guidance on syncable authenticators. As FIDO passkeys continue becoming more adopted and available at a large scale, NIST guidance helps organizations properly position and plan so they can successfully implement synced passkeys both internally and externally. Within the guidance, it’s important to understand the nuance of […]
Tags: government NIST passkeys phishing-resistant MFA

What CISA and NSA’s ESF guidance means for critical infrastructure cybersecurity
The Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently collaborated to produce an important new document, “Identity and Access Management: Recommended Best Practices for Administrators.” Part of the Enduring Security Framework (ESF), it presents a distillation of identity access management (IAM) and cybersecurity guidance put forth by CISA to date, based […]
Tags: CISA critical infrastructure ESF government NIST

A new era for Federal identity with Joe Scalone – Yubico
This is part two of a two-part series on the latest NIST guidelines. To read part one, check out our blog post here. Over the past six months, three National Institute of Standards and Technology (NIST) draft guidelines were released that will change how federal agencies manage digital identity services, the authentication of users and […]
Tags: FIDO2 NIST NIST SP 800-63-4

NIST SP 800-63-4: What the new phishing-resistant definition means for federal agencies
The recent drafts from National Institute of Standards and Technology (NIST) around cybersecurity highlight important updates on where the government is moving on technology and the focus on increasing security against cyber threats. This is because NIST’s primary goal is to develop and disseminate the standards that allow technology to work seamlessly and businesses to […]
Tags: federal government NIST NIST SP 800-63-4 passkey

Compliant PINs and MFA: Modern direction for staying secure
Entities within the US Federal Government are in the midst of a drastic change regarding how they approach the services they are using—moving away from traditional on-prem and proprietary systems to cloud services based on private platforms, like Azure and Amazon Web Services. However, the requirements for security remain the same regardless of the platform […]
Tags: NIST phishing-resistant MFA PINs smart card YubiKey