Yubico Expands FIPS Security Certification

May 31, 2016 2 minute read

For the past two years, Yubico has executed on an aggressive strategy to validate its cryptographic devices against established federal standards.

The first YubiKey device was validated in 2014 (NIST cert #2267) and, last week, the YubiKey 4 began the National Institute of Standards and Technology (NIST) validation process for compliance with the Federal Information Processing Standard (FIPS) Publication 140-2.

Our objective is to achieve FIPS 140-2 at Level 2 overall and Level 3 physical security in order to meet the highest level of assurance at Level 4 for the electronic authentication guidelines outlined in NIST special publication 800-63-2.

Cryptography and encryption are important constructs for the security technology industry and its customers. FIPS 140-2 standards set requirements for handling sensitive but unclassified information and are mandated by law. FIPS 140-2 validation is required for US and Canadian government acquisition of products using cryptography, but many governments and commercial entities throughout the world also use this as a basis for selecting vendors and products.

Yubico’s customers requesting this certification include federal governments, state and local governments, healthcare, financial services, and federal contractors who routinely process, store, and transmit sensitive federal information using their own information systems. The protection of sensitive federal information while residing in non-federal information systems and organizations is of paramount importance to federal agencies because it can directly impact their ability to successfully carry out their missions and business operations.

Agencies, organizations, and the general public can review our progress through NIST’s Cryptographic Module Validation Program.

The YubiKey 4 validation is Yubico’s investment in the future of our cryptographic platform so that enterprises and organizations can trust our devices and hardware to comply with federal regulations that meet their needs. Given that the YubiKey 4 was launched less than six months ago, we have been very aggressive with getting this device through certification. Our goal is to ensure that any company working with, or within, regulated industries will have full confidence that Yubico’s cryptographic tools meet the security industry’s highest standards.

Share this article:

Recommended content

Thumbnail
Executive OrdergovernmentNational Cybersecurity Strategy

The White House’s National Cybersecurity Strategy and Pandemic Anti-Fraud Proposal: Three things you should do to respond now

On March 2, the White House made a clear and important announcement to the tech sector regarding cybersecurity efforts moving forward: “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce ...

Read More
Thumbnail
phishing-resistant MFAYubiKeyzero trust

phishing-resistant-mfa-federal-government-thank-you

We hope you enjoy reading the Yubico White Paper, Modernizing authentication across the Federal Government with phishing-resistant MFA.

Read More
Thumbnail
phishing-resistant MFAYubiKeyzero trustzero trust

Phishing-resistant MFA for Federal Government

Learn how you can meet Zero Trust and phishing-resistant MFA per EO 14028 and OMB M-22-09 mandates with the DOD-approved and FIPS 140-2 validated YubiKey.

Read More
Thumbnail
FIPS 140-2FIPS 140-2FIPS 140-2Public SectorYubiHSMYubiHSM 2

YubiHSM 2, the world's smallest hardware security module, enhanced with new features to support security for the Public Sector

Compliance mandates require many of our customers in regulated industries or in high-risk environments to prove adequate levels of protection for their data, no matter where it lives or travels. This is why we’ve continued to enhance the capabilities of both the YubiHSM 2 and YubiHSM 2 FIPS, the world’s smallest FIPS-validated and non-FIPS hardware ...

Read More