Phishing-resistant MFA for Federal

YubiKey: DOD-approved phishing-resistant MFA

In accordance with Homeland Security Presidential Directive 12 (HSPD 12), Yubico offers the phishing-resistant, FIPS 140-2 validated YubiKey for highest-assurance multi-factor and passwordless authentication. YubiKeys are widely deployed in the US Government with over 150 unique implementations including US Army, US Navy, US Air Force, US Marine Corps, US Space Force, DoD Missile Defense Agency, Federal Bureau of Investigation (FBI), National Security Agency (NSA), Department of Energy and more.

YubiHSM 2 FIPS: Game-changing cryptographic protection for servers & mobility vehicles

Yubico also offers the YubiHSM 2 FIPS, a FIPS 140-2 validated hardware security module in a cost-effective nano model that is optimal for DOD mobility use cases and to providers developing Commercial Systems for Classified (CSfC) solutions at the tactical edge, meeting increasing requirements for an external cryptographic store for root certificates. It has been included in approved CSfC solutions deployed by the US Department of Defense.

Federal compliant phishing-resistant MFA

YubiKeys offer phishing-resistant security and are FIPS 140-2 validated to meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines, Overall Level 1 (Certificate #3907) and Level 2 (Certificate #3914), Physical Security Level 3. YubiKeys are also WebAUTHN, FIDO, FIDO2 and DFARS, and NIST SP 800-171 compliant.

YubiKeys are approved and meet the DoD Mobile PKI credentials storage requirements per DoD OCIO Memo on Mobile Public Key Infrastructure (PKI) Credentials, 20 December 2019, by meeting FIPS 140-2 Level Security Level 2 overall and Level 3 for Physical Security.  In addition, the DoD Office of the CIO (OCIO) Memo on Interim Digital Authentication Guidelines for Unclassified and Secret Classified DoD Networks and Information Systems, 20 August 2018, approved YubiKeys as one of only two commercial alternatives to the PIV/CAC, for use as a MFA token for DoD unclassified and secret classified information systems.

Built for modern DOD and Civilian use cases

The YubiKey supports PIV, CAC, and modern strong credentialing without peripheral devices, enabling phishing-resistant authentication for non-traditional users such as non PIV/CAC eligible and privileged users, BYOD/BYOAD, closed/air-gapped/legacy networks, and Defense Industrial Base (DIB) and coalition partners.

Unlike managing multiple certificates across mobile devices and PIV/CAC cards, a YubiKey with one certificate can be used as a portable root of trust across multiple devices including mobile and BYOD/BYOAD. And unlike mobile-based authenticators, YubiKeys are phishing resistant and purpose built for security, don’t require Government Furnished Equipment (GFE) or a network connection.They are also malware resistant, waterproof, crush-resistant and dustproof.

Support for derived credentials

The YubiKey includes a secure built-in chip that accommodates Purebred derived PIV/CAC requirements for secure credentialing in-line with the technical requirements of NIST SP 800-157. 

While derived credentials stored on a device are a security risk, credentials stored on YubiKeys cannot be extracted or tampered with. As a side benefit, if a mobile or computer device is lost or stolen, or a new device issued, the YubiKey can be used as an easy method to establish or re-establish trust with online accounts and re-register the internal authenticator on a new device.

Secure and trustworthy manufacturing

Manufactured securely in the United States using stringent processes and secure supply chain for trustworthy components, Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically and abroad. Yubico works with Sebastian Tech Solutions (STS) for rapid, secure logistics/shipping of YubiKeys directly to employees in the office, in the field, or even at home.