Yubico Expands FIPS 140-2 Certification to YubiKey 5 Series and YubiHSM2

Today, we are happy to share that the YubiKey 5 Series firmware has completed testing by our NIST accredited testing lab, and has been submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-2 certification, Overall Level 2, Physical Security Level 3. Soon, the YubiKey 5 Series firmware will also be submitted for FIPS 140-2 Level 1 certification, and the YubiHSM 2 firmware will be submitted for FIPS 140-2 Level 3 certification for the first time.

Yubico has a large number of customers that rely on our YubiKey FIPS Series security keys to keep their organizations secure, as well as compliant to government and industry regulations. With this continued certification effort, Yubico is not only doubling down on our commitment to support our current and future FIPS customers, but we are expanding the options that are available, including more certification levels and a broader range of FIPS-compliant product offerings.

YubiKey 5 FIPS Series

We are excited to be certifying another hardware module type that offers Physical Security Level 3. This allows YubiKeys to be used when Authentication Assurance Level 3 is required, and enables compliance to Federal Risk and Authorization Management Program (FedRAMP), and Defense Federal Acquisition Regulation Supplement (DFARS).

With both Level 1 and Level 2 certifications under way, the upcoming YubiKey 5 FIPS-validated platform will give our customers the flexibility to meet the level of compliance that is best suited for their particular needs. Key benefits of the new series will include:

  1. Additional form factors: The YubiKey 5 FIPS Series will include new FIPS 140-2 validated form factors such as the YubiKey 5 NFC, YubiKey 5Ci, and the upcoming YubiKey 5C NFC. The YubiKey 5C Nano and YubiKey 5 Nano will also be available. Together, this combination of form factors will provide our customers with a range of choices, and open up new use cases for strong authentication on both iOS and Android mobile platforms.
  2. FIDO2 certification: The YubiKey 5 FIPS Series will be the first line of FIDO2-enabled security keys to receive FIPS 140-2 certification. Yubico is a core contributor to the FIDO2 standard, and has helped drive native support in all major browsers and operating systems, as well as its rapid adoption in the commercial space. More recently, we have seen a surge in interest from government agencies as well.
  3. Multi-protocol support: The YubiKey 5 FIPS Series will continue to support all of the standard protocols that are offered in our current YubiKey FIPS Series: FIDO U2F, PIV, Yubico OTP, OATH OTP (TOTP and HOTP), and OpenPGP.

YubiHSM 2 FIPS

For the first time, we will also be pursuing FIPS 140-2, Level 3 certification for our YubiHSM 2 Hardware Security Module (HSM). We are excited about the prospect of offering a cost-effective, small-footprint Level 3 device.

For more information on the YubiKey as a government-approved CAC and PIV card alternative, please listen to our on-demand webinar, “Modern CAC/PIV alternatives: Securing government teleworkers & mobile devices.”

To stay up to date on the YubiKey 5 Series certification progress, please visit the CMVP’s Module-in-Process List. Yubico will continue to release information on the YubiKey 5 FIPS Series and YubiHSM 2 FIPS as details become available. 

Talk to our teamTalk to our team

Share this article:


  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions
  • Cybersecurity in 2025: Insights and predictions from Yubico’s expertsWith 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the […]Read moreAIdigital identity walletspasskeyspredictions
  • State of Global Authentic(age)ion: A look at cybersecurity habits by generationsNo generations were left untouched when it came to the threat of hackers in 2024: from the impact of political shakeups, to increasingly sophisticated cyber attacks targeting consumers, critical industries and infrastructures, the world was on high alert. Fueled by a dramatic increase in phishing attacks circumventing certain forms of legacy multi-factor authentication (MFA), as […]Read moreState of Global Authenticationsurvey
  • Yubico named finalists of German digital identity innovation competitionIn 2023, Yubico began collaborating on an exciting open standards identity project – wwWallet – to shape the future of digital identity across Europe and beyond. The project saw immediate success solving problems for global identity, and was submitted in the German SPRIN-D European Digital Identity (EUDI) Funke competition which aims to develop and test […]Read moreEU Digital Identity WalletEUDIwwWalet