For regulatory compliance
Drive regulatory compliance with government and industry-approved strong two-factor, multi-factor, and passwordless authentication
Modern strong authentication for governments and highly security-conscious organizations
The YubiKey provides FIPS 140-2 validated strong phishing-resistant two-factor, multi-factor, and passwordless authentication at scale, helping government agencies and highly regulated enterprises drive compliance to global and local industry regulations.
Securing Your Critical Assets in an Ever-Changing Regulatory Environment
Learn about Security, Compliance, and Modern Strong Authentication.
Need to adopt a zero trust architecture and deploy MFA per the U.S. Executive Order on Improving the Nation’s Cybersecurity? Yubico can help with strong authentication that supports zero trust initiatives.
Strong two-factor, multi-factor and passwordless authentication
YubiKeys offer phishing-resistant strong authentication, and are the only solution proven to stop account takeovers in independent research.
YubiKeys for two-factor, multi-factor, and passwordless authentication are helping global organizations drive compliance to regulatory authentication requirements across a wide variety of industries.
Meets Federal Government compliance requirements
Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically in the United States and abroad.
YubiKeys are FIPS 140-2 validated (Overall Level 1, Certificate #3907, and Level 2, Certificate #3914; Physical Security Level 3) and meet NIST SP 800-63-3 Authenticator Assurance Level (AAL) 3 requirements. They are also Department of Defense Cybersecurity Maturity Model Certification (CMMC) Level III and FedRAMP compliant, and support DFARS/NIST SP 800-171.
Drives compliance to global financial services regulations
The financial industry has many compliance requirements to contend with. There have been a number of sweeping changes to financial benchmarks (LIBOR), new state and global privacy laws (GDPR), executive orders, and also indications of revisions to PCI DSS.
The YubiKey helps financial organizations satisfy strong authentication requirements related to PII and payment information, for PCI DSS, GLBA, FFIEC, PSD2, eIDAS, SOX, SOC2, GDPR, DORA, as well as state and local laws such as CCPA and 23 NYCRR 500.
Satisfies strong authentication requirements for global healthcare regulations
Despite regulatory pressures across the healthcare industry to protect the privacy and security of PHI and IP, common obstacles to improving authentication exist, including hybrid infrastructure challenges.
The YubiKey offers modern strong authentication at scale that healthcare organizations can leverage to satisfy authentication requirements for HIPAA, HITECH, 21 CFR Part 11, the Support Act/EPCS, ONC Cures Act Final Rule, GDPR, and CCPA. A single YubiKey supports multiple authentication protocols, making it an ideal solution for strong authentication across both legacy and modern infrastructures.
Meets regulations for energy and natural resources organizations
The 2020 Colonial Pipeline hack drove White House Cybersecurity Executive Order #14028, mandating Zero Trust and impersonation-resistant MFA, and the TSA Security Directives 2021-01 and 2021-02, which direct pipeline owners and operators to implement special mitigation measures to protect against ransomware and other cyber threats.
The FIPS 140-2 validated YubiKey meets NIST SP 800-63B Authenticator Assurance Level (AAL) 3 requirements, enabling energy, utilities, and oil and gas entities to comply with EO #14028, the TSA Security Directives, and other government regulations like Sarbanes-Oxley (SOX), the Federal Energy Regulation Commission (FERC), and North American Electric Reliability Commission (NERC) Critical Infrastructure Protection Standards.
Learn more about the YubiKey for Regulatory Compliance
CMMC: Recommendations to navigate the new Cyber Certification requirements