• Phishing-resistant MFA for State and Local Government

    Meet Zero Trust and cyber insurance mandates.
    Complete your MFA 100%

    Read the solution brief
    Home » Industries » YubiKey for State and Local Government

     Zero Trust security and phishing-resistant MFA for State and Local Government

    Phishing-resistant multi-factor authentication (MFA) and Zero Trust security architectures are key requirements per the executive order on improving the nation’s cybersecurity that was released on May 12, 2021, and the subsequent Office of Management and Budget (OMB) Memo M-22-09

    While MFA can be a strong first-line of defense against phishing and ransomware, not all forms of MFA are created equal. Legacy authentication such as usernames and passwords can be easily hacked, and mobile-based authentication such as SMS, OTP codes, and push notifications are highly susceptible to modern phishing attacks, malware, SIM swaps, and man-in-the-middle (MiTM) attacks.

    Mobile-based authentication also creates gaps in your MFA strategy when users can’t, don’t, or won’t use mobile authentication due to union restrictions, personal preferences, cellular geographic inconsistencies, financial reasons and more.

    Yubico offers the phishing-resistant, FIPS 140-2 validated YubiKey for highest-assurance multi-factor and passwordless authentication. YubiKeys are highly portable and simple to deploy and use, and are highly suitable for users that can’t, won’t, or don’t use mobile authentication, helping you achieve 100% MFA coverage and satisfy your cyber insurance MFA requirements.

    “I like the YubiKey as opposed to phone authentication. We have a lot of users within our system that don’t have a state- or county-provided cell phone, and I certainly don’t want them using their own personal devices for agency or office business. The YubiKey was really the easy-to-use multifactor authentication of choice for us here in Washington state to achieve the additional security needs we had.”
    Lori AuginoElections Director, Washington State


    Modernizing authentication across state, local, tribal and territorial governments

    Read the white paper to learn how to achieve 100% MFA coverage, ensure zero account takeovers and meet your cyber insurance MFA requirements.

    Benefits from the phishing-resistant YubiKey

    government building icon
    Federal compliant phishing-resistant MFA

    YubiKeys offer phishing-resistant security and are FIPS 140-2 validated to meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines, Overall Level 1 (Certificate #3907) and Level 2 (Certificate #3914), Physical Security Level 3. YubiKeys are also CJIS, WebAUTHN, FIDO, FIDO2 and DFARS, and NIST SP 800-171 compliant.

    YubiKey icon
    Simple to deploy and use

    YubiKeys integrate seamlessly with existing identity and access management (IAM) and identity provider (IDP) solutions such as Microsoft, Okta, DUO, Ping, and over 1,000 applications and services out-of-the-box, including Google Suite, Microsoft Azure, Microsoft Office 365, Box, Jamf, and identity and credential management (ICAM) solutions, eliminating rip and replacement of existing solutions.

    electronic devices icon
    Built for portability and modern use cases

    The YubiKey enables phishing-resistant authentication for privileged users, employees, contractors, mobile users, cloud services, election infrastructure and even customer-facing digital services.Unlike mobile-based authenticators, YubiKeys are phishing resistant and purpose built for security, and don’t require Government Furnished Equipment (GFE) or a network connection. A single YubiKey works across multiple devices including desktops, laptops, mobile, tablets, notebooks, and shared workstations, enabling users to utilize the same key across devices. YubiKeys are also highly portable, enabling secure and CJIS-compliant access for users on the move such as law enforcement and first responders, and secure authentication without the use of mobile devices for employees that work in corrections departments.

    bar graph icon
    Reduce IT support costs and drive high ROI

    The combination of frictionless user experience, data breach prevention, mobile device and service cost savings, and the YubiKeys’ versatility with multi-protocol support results in high ROI for any environment. In addition to reducing risk by 99.9%, the YubiKey has been shown to drive a 203% 3-year ROI and a drop in password-related help desk tickets by 75%.

    Read more here
    “The biggest benefit is that you don’t have to use your phone and wait for that phone call or wait for that text message with the OTP. This is such a simpler solution where I just plug it in, tap the button and I’m done.”
    Curtis Chiuu Principal Systems Engineer, City of Sacramento


    How to get started with phishing-resistant MFA to secure state, local, tribal and territorial governments

    Learn the six deployment best practices that can help your agency accelerate adoption of modern, phishing-resistant MFA at scale using the YubiKey.


    Modernizing authentication across state and local governments

    Learn how state and local agencies can modernize and strengthen user authentication with the phishing-resistant and easy-to-use YubiKey.

    Procuring Yubico solutions

    Yubico solutions are available for procurement through multiple convenient channels.

    Engage with our Yubico Public Sector and Channel teams for strategic implementations:

    Contact us

    Email us

    Purchase options:
    via GSA or SEWP V contract
    Carahsoft Technology Corporation = GSA Multiple Award Schedule Contract # 47QSWA18D008F
    Aug 22, 2018- Aug 21, 2028


    May 01, 2015- Apr 30, 2025


    Aug 31, 2020- Aug 30, 2025
    *Additional Option Years Available
    Immix = GSA Contract # GS-35F-0511T / SEWP V NNG15SC16B (Category A, Group A) & NNG15SC39B (Category B, Group D)

    DUNS: 046832835
    CAGE Code: 6UUE2