Yubico Expands FIPS Security Certification

Jerrod Chong

Jerrod Chong

2 minute read

For the past two years, Yubico has executed on an aggressive strategy to validate its cryptographic devices against established federal standards.

The first YubiKey device was validated in 2014 (NIST cert #2267) and, last week, the YubiKey 4 began the National Institute of Standards and Technology (NIST) validation process for compliance with the Federal Information Processing Standard (FIPS) Publication 140-2.

Our objective is to achieve FIPS 140-2 at Level 2 overall and Level 3 physical security in order to meet the highest level of assurance at Level 4 for the electronic authentication guidelines outlined in NIST special publication 800-63-2.

Cryptography and encryption are important constructs for the security technology industry and its customers. FIPS 140-2 standards set requirements for handling sensitive but unclassified information and are mandated by law. FIPS 140-2 validation is required for US and Canadian government acquisition of products using cryptography, but many governments and commercial entities throughout the world also use this as a basis for selecting vendors and products.

Yubico’s customers requesting this certification include federal governments, state and local governments, healthcare, financial services, and federal contractors who routinely process, store, and transmit sensitive federal information using their own information systems. The protection of sensitive federal information while residing in non-federal information systems and organizations is of paramount importance to federal agencies because it can directly impact their ability to successfully carry out their missions and business operations.

Agencies, organizations, and the general public can review our progress through NIST’s Cryptographic Module Validation Program.

The YubiKey 4 validation is Yubico’s investment in the future of our cryptographic platform so that enterprises and organizations can trust our devices and hardware to comply with federal regulations that meet their needs. Given that the YubiKey 4 was launched less than six months ago, we have been very aggressive with getting this device through certification. Our goal is to ensure that any company working with, or within, regulated industries will have full confidence that Yubico’s cryptographic tools meet the security industry’s highest standards.

, ,
Talk to our teamTalk to our team

Share this article:
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day