Yubico Expands FIPS 140-2 Certification to YubiKey 5 Series and YubiHSM2

Yubico Team

Yubico Team

3 minute read

Today, we are happy to share that the YubiKey 5 Series firmware has completed testing by our NIST accredited testing lab, and has been submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-2 certification, Overall Level 2, Physical Security Level 3. Soon, the YubiKey 5 Series firmware will also be submitted for FIPS 140-2 Level 1 certification, and the YubiHSM 2 firmware will be submitted for FIPS 140-2 Level 3 certification for the first time.

Yubico has a large number of customers that rely on our YubiKey FIPS Series security keys to keep their organizations secure, as well as compliant to government and industry regulations. With this continued certification effort, Yubico is not only doubling down on our commitment to support our current and future FIPS customers, but we are expanding the options that are available, including more certification levels and a broader range of FIPS-compliant product offerings.

YubiKey 5 FIPS Series

We are excited to be certifying another hardware module type that offers Physical Security Level 3. This allows YubiKeys to be used when Authentication Assurance Level 3 is required, and enables compliance to Federal Risk and Authorization Management Program (FedRAMP), and Defense Federal Acquisition Regulation Supplement (DFARS).

With both Level 1 and Level 2 certifications under way, the upcoming YubiKey 5 FIPS-validated platform will give our customers the flexibility to meet the level of compliance that is best suited for their particular needs. Key benefits of the new series will include:

  1. Additional form factors: The YubiKey 5 FIPS Series will include new FIPS 140-2 validated form factors such as the YubiKey 5 NFC, YubiKey 5Ci, and the upcoming YubiKey 5C NFC. The YubiKey 5C Nano and YubiKey 5 Nano will also be available. Together, this combination of form factors will provide our customers with a range of choices, and open up new use cases for strong authentication on both iOS and Android mobile platforms.
  2. FIDO2 certification: The YubiKey 5 FIPS Series will be the first line of FIDO2-enabled security keys to receive FIPS 140-2 certification. Yubico is a core contributor to the FIDO2 standard, and has helped drive native support in all major browsers and operating systems, as well as its rapid adoption in the commercial space. More recently, we have seen a surge in interest from government agencies as well.
  3. Multi-protocol support: The YubiKey 5 FIPS Series will continue to support all of the standard protocols that are offered in our current YubiKey FIPS Series: FIDO U2F, PIV, Yubico OTP, OATH OTP (TOTP and HOTP), and OpenPGP.

YubiHSM 2 FIPS

For the first time, we will also be pursuing FIPS 140-2, Level 3 certification for our YubiHSM 2 Hardware Security Module (HSM). We are excited about the prospect of offering a cost-effective, small-footprint Level 3 device.

For more information on the YubiKey as a government-approved CAC and PIV card alternative, please listen to our on-demand webinar, “Modern CAC/PIV alternatives: Securing government teleworkers & mobile devices.”

To stay up to date on the YubiKey 5 Series certification progress, please visit the CMVP’s Module-in-Process List. Yubico will continue to release information on the YubiKey 5 FIPS Series and YubiHSM 2 FIPS as details become available. 

, , ,
Talk to our teamTalk to our team

Share this article:
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane