• Ping Identity | Yubico

    Strong phishing-resistant MFA for compliance with the EO

    Read the solution briefRead the solution brief
    Home » Solutions » Executive Order on Improving the Nation’s Cybersecurity » Ping Strong phishing-resistant MFA for compliance with EO

    The shift to Zero Trust security

    In May of 2021, the White House issued Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, outlining new expectations & guidelines for zero trust and phishing-resistant multi-factor authentication (MFA) for federal agencies as well as their suppliers and partners.

    Passwords, SMS, and other One-Time Passwords (OTP) are commonly used MFA solution, but they are not phishing-resistant and are highly susceptible to cyber attacks. The Federal Government’s policy requires the use of authenticators compliant with Federal Information Processing Standards (FIPS) 140-2, which includes PIV and CAC, and authenticators that meet the technical requirements published in NIST SP 800-63B.

    The federal Zero Trust architecture (ZTA) strategy, as outlined in the OMB memo M-22-09, requires federal agencies, staff, contractors, and partners to use phishing-resistant MFA to reduce the threat from sophisticated attacks. Phishing-resistant MFA refers to an authentication process that is immune to attackers intercepting or even tricking users into revealing access information.


    A seamless journey to Zero Trust with Yubico
    and Ping Identity

    Yubico and Ping Identity are globally recognized leaders in cybersecurity assisting public and private organizations on their journey to Zero Trust. Both are FIDO Alliance members working to set security standards.

    Yubico offers the YubiKey—a FIPS 140-2 validated hardware security key proven to stop 100% of account takeovers in independent research. Ping Identity users, leveraging PingFederate, can take advantage of native support for the YubiKey for immediate compliance with the authentication requirements of OMB M-22-09 in a Zero Trust framework:

    • FIPS 140-2 validated (overall level 1 and level 2, physical security level 3)
    • Validated to NIST SP 800-63-3 Authenticator Assurance Level (AAL) 3 requirements

    With Ping Identity and the YubiKey, government agencies can simply deploy federally validated, hardware-backed MFA across multiple applications and operating systems, as well as modern devices, with single-sign-on (SSO) capabilities. With certificate-based authentication, a user can leverage the YubiKey as a smart card with PingFederate to access web applications like Office 365. Yubico, Ping Identity, and EntryPoint have also teamed up to offer a no-code joint solution to enable phishing-resistant Derived FIDO2 Credentials along with identity proofing and centralized identity management.


    The easy and highly-secure solution has been tested and proven in the most security conscious government and enterprise environments. Global organizations such as PayPal, Geisinger Medical Center, and Capital One trust Ping Identity and YubiKey to protect their users.


    Integrate your solution with YubiKey and PingFederate


    Phishing-resistant MFA for your journey
    to Zero Trust

    With Ping Identity and the YubiKey, government agencies can simply deploy federally validated, hardware-backed MFA across multiple applications and operating systems, as well as modern devices, with single-sign-on (SSO) capabilities. With certificate-based authentication, a user can leverage the YubiKey as a smart card with PingFederate to access web applications like Office 365. Yubico, Ping Identity, and EntryPoint have also teamed up to offer a no-code joint solution to enable phishing-resistant Derived FIDO2 Credentials along with identity proofing and centralized identity management.

    FIDO2/WebAuthn

    FIDO2 Passwordless via supported browser or desktop login

    Certificate-based Authentication

    With certificate-based authentication, a user can leverage their YubiKey as a smart card to access PingFederate protected applications.


    Derived FIDO2 Credentials

    Yubico, Ping Identity, and EntryPoint offer a no-code joint solution to enable phishing-resistant Derived FIDO2 Credentials. A no-code joint solution, YubiKeys can be used to authenticate with Ping Identity to provide modern phishing- resistant MFA based on the FIDO2 and be compliant with the EO.


    Stronger together

    YubiKey and Ping Identity together offer the best of both worlds—modern, phishing-resistant MFA to protect against account takeovers, as well as a simplified user experience. YubiKeys are also durable, don’t require batteries or need a cellular connection, and are water-resistant and crush-proof. Here are some additional benefits to using YubiKeys with PingFederate together:

    shield and arrows
    Enhanced security posture with streamlined deployment

    PingFederate and the YubiKey add strong authentication to identity platforms to bring a complete, easy-to-scale offering to organizations of all sizes, supported by YubiEnterprise subscription and delivery options.

    yubikey in circle
    Superior authentication

    Ping Identity works with YubiKey 5 FIPS Series, certified FIPS 140-2 validated security keys that meet the highest level of authenticator assurance (AAL3) of NIST SP800-63B guidelines.

    user profile
    Convenient login for higher employee productivity

    Organization can enhance security and simplify logins with PingFederate’s consistent SSO experience and the YubiKey authentication, reducing support calls and downtime.

    network lock
    Supply chain and customer access

    Provide federated support to partners, 3rd party entities and even customers to prevent breaches.

    key in browser window
    Secure privileged users, mobile-restricted environments

    Improve security and productivity for privileged users or those sharing workstations and provide support for remote workers, contractors, air-gapped/isolated networks, cloud services, high-risk military scenarios, and mobile-restricted environments.

    laptop bar code
    Attestation support

    Yubico and Ping Identity work together with EntryPoint’s credential management system and identity binding to provide an off-the-shelf no-code solution that confirms Derived FIDO2 Credentials consistent with NIST SP 800-157 and 800-79-2.

    document check
    Adaptive and risk-based authentication

    Administrators can define advanced authentication, pairing and device posture policies to trigger intelligent step-up MFA or to accept trust within geo-fenced or other defined scenarios.

    no password
    Enable the bridge to passwordless authentication

    Yubico and Ping Identity work together to meet organizations where they are on their journey to passwordless, seamlessly supporting legacy infrastructures with multi-protocol flexibility as well as modern, cloud-based systems that leverage the latest FIDO2/WebAuthn standards.


    Derived FIDO2 Credentials for implementing Zero Trust architecture

    In addition to protecting government agencies and employees, the EO mandates that organizations working with the federal government also have phishing-resistant authentication for their suppliers and partners. YubiKeys are a perfect solution as they support both types of phishing-resistant authentication—Certificates and FIDO2. Ping Identity, EntryPoint and YubiKeys enable organizations to deploy BYOD, work from home, and first-line worker scenarios by deploying a YubiKey without the need for external hardware.


    Are you impacted by EO 14028?

    Some organizations may believe that the Executive Order is focused towards federal agencies, but it has critical implications for many regulated and private sector industries such as defense, supply chain, healthcare, technology, and financial services. In March 2022, President Biden called on both state and local governments and the private sector to step up cybersecurity defenses in line with EO 14028 with all urgency, starting with “the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system…”

    Zero Trust is the new regulatory minimum for federal agencies. What does that mean for authentication?

    Watch nowWatch now
    white house at night

    YubiKeys aid in EO compliance

    White House declaration: act now for cybersecurity attack protection
    Meeting Zero Trust and phishing-resistant MFA requirements in Memorandum 22-09

    compliance federal gov white paper cover with gov building
    Modern hardware backed MFA and compliance for Federal Government

    Implement YubiKeys with help from Yubico

    YES solution brief preview
    YubiKey Subscription solution brief
    Securing Your Critical Assets in an Ever-Changing Regulatory Environment

    Accelerate YubiKey adoption at scale

    Get started

    YubiKey 5 series

    Find the right YubiKey

    Contact our sales team for a personalized assessment of your company’s needs.

    Contact salesContact sales
    statue and YubiKey
    Get protected today

    Browse our online store today and buy the right YubiKey for you.

    Buy nowBuy now