Yubico submits YubiKey 5 FIPS Series for FIPS 140-3 validation

We’re excited to share that the YubiKey 5 FIPS Series latest 5.7 firmware has completed testing by our NIST accredited testing lab, and has been submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-3 validation, Overall Level 2 and Physical Level 3. This marks a significant milestone in our ongoing commitment to providing high-assurance security solutions to government agencies and highly regulated industries while aligning with the latest regulatory standards. 

Yubico has a large number of customers that rely on our YubiKey 5 FIPS Series security keys to keep their organizations secure from increasingly sophisticated phishing attacks, as well as stay compliant to the latest government and industry regulations. The next steps in our journey toward FIPS 140-3 validation ensures the strongest phishing-resistant security for our customers will be available and in line with CMVP recommendations for transitioning, thus allowing organizations to meet strict compliance requirements with the highest authenticator assurance level 3 (AAL3) requirements from the NIST SP800-63B guidance. 

Once certified by CMVP, the newly updated YubiKey 5 FIPS Series keys will be available in all the same form factors as the prior FIPS 140-2 validated YubiKey 5 FIPS Series. Aligned with our recently updated YubiKey 5 Series keys released in early 2024 with 5.7 firmware, YubiKey 5 Series FIPS keys include a number of enterprise-focused features for customers that also require FIPS certified authenticators. The newly enhanced enterprise-focused features within the YubiKey 5.7 firmware include:

  • Enhanced PIN complexity enabled by default across all YubiKey applications, including FIDO2, PIV, and OpenPGP.
  • Enterprise attestation facilitates the retrieval of unique identifiers during FIDO2 registration and streamlining asset tracking by allowing identity providers to read the serial number from the YubiKey during FIDO2 registration.
  • FIDO Client to Authenticator Protocol (CTAP) 2.1 implementation brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, addressing PIN requirements in “enroll on behalf” scenarios.
  • Expanded passkey and passwordless storage capabilities – accommodating up to 100 device-bound passkeys (up from 25), 64 OATH seeds (up from 32), 24 PIV certificates, and 2 OTP seeds at once for a total of 190 credentials.
  • Expansion and enhancement of public key algorithms, including support for larger RSA keys (RSA-3072 and RSA-4096) and Ed25519, key types enhances key management functions and flexibility for organizations, aligning with DoD memo requirements on stronger public key algorithms
  • Restricted NFC usage during transit – NFC capable YubiKeys have restricted NFC usage to prevent manipulation during transit. Read more here.
  • FIDO Level 2 (L2) certification – at the same time of submission, the YubiKey 5 FIPS Series will also be submitted for FIDO L2 certification.

Yubico is committed to supporting our current and future FIPS customers. To stay up to date on the YubiKey 5 FIPS Series certification progress, please visit the CMVP’s Module-in-Process List. Yubico will continue to release information and updates regarding YubiHSM 2 firmware for FIPS 140-3 certification as details become available.

Contact your Yubico representative or our sales team for any questions related to getting access to the YubiKey 5 FIPS Series ‘release candidate’ keys for your organization today.

Talk to our teamTalk to our team

Share this article:


  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST