Yubico Expands FIPS 140-2 Certification to YubiKey 5 Series and YubiHSM2

Yubico Team

Yubico Team

3 minute read

Today, we are happy to share that the YubiKey 5 Series firmware has completed testing by our NIST accredited testing lab, and has been submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-2 certification, Overall Level 2, Physical Security Level 3. Soon, the YubiKey 5 Series firmware will also be submitted for FIPS 140-2 Level 1 certification, and the YubiHSM 2 firmware will be submitted for FIPS 140-2 Level 3 certification for the first time.

Yubico has a large number of customers that rely on our YubiKey FIPS Series security keys to keep their organizations secure, as well as compliant to government and industry regulations. With this continued certification effort, Yubico is not only doubling down on our commitment to support our current and future FIPS customers, but we are expanding the options that are available, including more certification levels and a broader range of FIPS-compliant product offerings.

YubiKey 5 FIPS Series

We are excited to be certifying another hardware module type that offers Physical Security Level 3. This allows YubiKeys to be used when Authentication Assurance Level 3 is required, and enables compliance to Federal Risk and Authorization Management Program (FedRAMP), and Defense Federal Acquisition Regulation Supplement (DFARS).

With both Level 1 and Level 2 certifications under way, the upcoming YubiKey 5 FIPS-validated platform will give our customers the flexibility to meet the level of compliance that is best suited for their particular needs. Key benefits of the new series will include:

  1. Additional form factors: The YubiKey 5 FIPS Series will include new FIPS 140-2 validated form factors such as the YubiKey 5 NFC, YubiKey 5Ci, and the upcoming YubiKey 5C NFC. The YubiKey 5C Nano and YubiKey 5 Nano will also be available. Together, this combination of form factors will provide our customers with a range of choices, and open up new use cases for strong authentication on both iOS and Android mobile platforms.
  2. FIDO2 certification: The YubiKey 5 FIPS Series will be the first line of FIDO2-enabled security keys to receive FIPS 140-2 certification. Yubico is a core contributor to the FIDO2 standard, and has helped drive native support in all major browsers and operating systems, as well as its rapid adoption in the commercial space. More recently, we have seen a surge in interest from government agencies as well.
  3. Multi-protocol support: The YubiKey 5 FIPS Series will continue to support all of the standard protocols that are offered in our current YubiKey FIPS Series: FIDO U2F, PIV, Yubico OTP, OATH OTP (TOTP and HOTP), and OpenPGP.

YubiHSM 2 FIPS

For the first time, we will also be pursuing FIPS 140-2, Level 3 certification for our YubiHSM 2 Hardware Security Module (HSM). We are excited about the prospect of offering a cost-effective, small-footprint Level 3 device.

For more information on the YubiKey as a government-approved CAC and PIV card alternative, please listen to our on-demand webinar, “Modern CAC/PIV alternatives: Securing government teleworkers & mobile devices.”

To stay up to date on the YubiKey 5 Series certification progress, please visit the CMVP’s Module-in-Process List. Yubico will continue to release information on the YubiKey 5 FIPS Series and YubiHSM 2 FIPS as details become available. 

, , ,
Talk to our teamTalk to our team

Share this article:
  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey