YubiKey (4) FIPS Series end of sale and movement to CMVP Historical Validation List

Yubico Team

Yubico Team

2 minute read

Earlier this year, Yubico introduced the YubiKey 5 FIPS Series. This new line-up of FIPS 140-2 validated YubiKeys enables government agencies and regulated industries to meet the highest authenticator assurance level 3 (AAL3) requirements from the new National Institute of Standards and Technology (NIST) SP800-63B guidance.

Our previous YubiKey (4) FIPS Series which we introduced in June of 2018, was built on the YubiKey 4 Series, and were the first multi-protocol authentication security keys to receive this validation. As cryptographic modules and guidance have revisions, the YubiKey (4) FIPS Series will be moved to the CMVP Historical Validation List on July 1, 2022 based on the Implementation Guidance for FIPS 140-2 and the Cryptographic Module Validation Program. Additionally, Yubico will no longer sell the YubiKey (4) FIPS Series after December 31, 2021, only the YubiKey 5 FIPS Series will be available after this date.

This does not mean that the overall FIPS-140 certificates for the YubiKey (4) FIPS Series have been revoked, rather it indicates that the certificates support functionality that does not align with the latest guidance and/or transitions, and may not accurately reflect how the module can be used in FIPS mode. Section D.8 of the Implementation Guidance calls out that only approved and allowed key agreement techniques can be used in an approved mode of operation after June 30, 2022. 

With the latest guidance from NIST, the YubiKey (4) FIPS Series’ current implementation of ECDH does not meet SP 800-56A Rev3 compliance requirements and will therefore be moved to the Historical List. Specifically, the PIV application when using the ECC algorithm for decryption is affected. 

  • Affected devices include YubiKey (4) FIPS, YubiKey (4) Nano FIPS, YubiKey (4) C FIPS and YubiKey (4) C Nano FIPS.  
  • Non affected devices include YubiKey 5 FIPS Series, YubiKey 5 Series, YubiKey 4 Series (non-FIPS) and Security Key Series.

Companies may make a risk determination on whether to continue using the modules on the Historical List based on their own assessment of where and how the module is used. For more technical details, please refer to our knowledge base article

Note, to help visually identify your YubiKeys, the back of the YubiKey 5 FIPS Series contains a v5 etching on the devices, which isn’t included in the YubiKey (4) FIPS Series. 

Talk to our teamTalk to our team

Share this article:
  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey