• YubiKey FIPS Series YubiKey 5C FIPS Slim USB-C form factor for easy to carry on a keychain YubiKey 5 Nano FIPS Slim USB-A form for semi-permanent installation and convenience YubiKey 5C Nano FIPS Ultra-slim USB-C form factor for semi-permanent installation and convenience Certifications NIST | National Institute of Standards Cryptographic module validation for YubiKey Cryptographic module validation testing […] Read more
• What is authentication assurance? What is authentication assurance level 3? The NIST is on version 3 of the Authentication Assurance levels, called Authentication Assurance Level 3 (AAL3). Authentication Assurance relies on examination of the cryptographic modules of an authenticator. Level 3 requirements (AAL3) means that the code is within a tamper-proof container so that keys used in the cryptography are destroyed […] Read more
• Lessons from the SolarWinds incident Last week, a large and expertly run espionage operation was made public — one that began no later than October 2019, and which had been actively exploiting victims since at least early 2020. This incident is particularly interesting for several reasons: for the breadth of sensitive global government and industry targets, for misuse of a […] Read more
• What is FIPS 140-2? What does it mean to be FIPS 140-2 Certified/Validated? To be FIPS 140-2 certified or validated, the software (and hardware) must be independently validated by one of 13 NIST specified laboratories, this process can take weeks. The FIPS 140-2 validation process examines the cryptographic modules. Level 1 examines the algorithms used in the cryptographic component […] Read more
• How NIST and eIDAS revisions are shaping the future of e-identification This blog is co-authored by John Fontana, Standards Analyst at Yubico.  On both sides of the Atlantic, standards and regulations on electronic identification are being revised more or less simultaneously. In the United States, the National Institute of Standards and Technology (NIST) accepted public comments on its SP 800-63-3 Digital Identity Guidelines last month, which is on […] Read more
• The key to DFARS/NIST Compliance There are only 8 weeks left before the Defense Federal Acquisition Regulation Supplement (DFARS) deadline, and now is the right time for US government contractors to secure Active Directory users. DFARS compliance was structured to protect unclassified US Department of Defense (DoD) information on a contractor’s internal information system from cyber incidents, and to minimize […] Read more