Yubico Expands FIPS Security Certification

For the past two years, Yubico has executed on an aggressive strategy to validate its cryptographic devices against established federal standards.

The first YubiKey device was validated in 2014 (NIST cert #2267) and, last week, the YubiKey 4 began the National Institute of Standards and Technology (NIST) validation process for compliance with the Federal Information Processing Standard (FIPS) Publication 140-2.

Our objective is to achieve FIPS 140-2 at Level 2 overall and Level 3 physical security in order to meet the highest level of assurance at Level 4 for the electronic authentication guidelines outlined in NIST special publication 800-63-2.

Cryptography and encryption are important constructs for the security technology industry and its customers. FIPS 140-2 standards set requirements for handling sensitive but unclassified information and are mandated by law. FIPS 140-2 validation is required for US and Canadian government acquisition of products using cryptography, but many governments and commercial entities throughout the world also use this as a basis for selecting vendors and products.

Yubico’s customers requesting this certification include federal governments, state and local governments, healthcare, financial services, and federal contractors who routinely process, store, and transmit sensitive federal information using their own information systems. The protection of sensitive federal information while residing in non-federal information systems and organizations is of paramount importance to federal agencies because it can directly impact their ability to successfully carry out their missions and business operations.

Agencies, organizations, and the general public can review our progress through NIST’s Cryptographic Module Validation Program.

The YubiKey 4 validation is Yubico’s investment in the future of our cryptographic platform so that enterprises and organizations can trust our devices and hardware to comply with federal regulations that meet their needs. Given that the YubiKey 4 was launched less than six months ago, we have been very aggressive with getting this device through certification. Our goal is to ensure that any company working with, or within, regulated industries will have full confidence that Yubico’s cryptographic tools meet the security industry’s highest standards.

Talk to our teamTalk to our team

Share this article:


  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless
  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard