Ping Identity | Yubico
Strong phishing-resistant MFA for compliance with the EO

phone and Ping ID

The shift to Zero Trust security

In May of 2021, the White House issued Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, outlining new expectations & guidelines for zero trust and phishing-resistant multi-factor authentication (MFA) for federal agencies as well as their suppliers and partners.

Passwords, SMS, and other One-Time Passwords (OTP) are commonly used MFA solution, but they are not phishing-resistant and are highly susceptible to cyber attacks. The Federal Government’s policy requires the use of authenticators compliant with Federal Information Processing Standards (FIPS) 140-2, which includes PIV and CAC, and authenticators that meet the technical requirements published in NIST SP 800-63B.

The federal Zero Trust architecture (ZTA) strategy, as outlined in the OMB memo M-22-09, requires federal agencies, staff, contractors, and partners to use phishing-resistant MFA to reduce the threat from sophisticated attacks. Phishing-resistant MFA refers to an authentication process that is immune to attackers intercepting or even tricking users into revealing access information.


A seamless journey to Zero Trust with Yubico
and Ping Identity

Yubico and Ping Identity are globally recognized leaders in cybersecurity assisting public and private organizations on their journey to Zero Trust. Both are FIDO Alliance members working to set security standards.

Yubico offers the YubiKey—a FIPS 140-2 validated hardware security key proven to stop 100% of account takeovers in independent research. Ping Identity users, leveraging PingFederate, can take advantage of native support for the YubiKey for immediate compliance with the authentication requirements of OMB M-22-09 in a Zero Trust framework:

  • FIPS 140-2 validated (overall level 1 and level 2, physical security level 3)
  • Validated to NIST SP 800-63-3 Authenticator Assurance Level (AAL) 3 requirements

With Ping Identity and the YubiKey, government agencies can simply deploy federally validated, hardware-backed MFA across multiple applications and operating systems, as well as modern devices, with single-sign-on (SSO) capabilities. With certificate-based authentication, a user can leverage the YubiKey as a smart card with PingFederate to access web applications like Office 365. Yubico, Ping Identity, and EntryPoint have also teamed up to offer a no-code joint solution to enable phishing-resistant Derived FIDO2 Credentials along with identity proofing and centralized identity management.


The easy and highly-secure solution has been tested and proven in the most security conscious government and enterprise environments. Global organizations such as PayPal, Geisinger Medical Center, and Capital One trust Ping Identity and YubiKey to protect their users.


Integrate your solution with YubiKey and PingFederate


Phishing-resistant MFA for your journey
to Zero Trust

With Ping Identity and the YubiKey, government agencies can simply deploy federally validated, hardware-backed MFA across multiple applications and operating systems, as well as modern devices, with single-sign-on (SSO) capabilities. With certificate-based authentication, a user can leverage the YubiKey as a smart card with PingFederate to access web applications like Office 365. Yubico, Ping Identity, and EntryPoint have also teamed up to offer a no-code joint solution to enable phishing-resistant Derived FIDO2 Credentials along with identity proofing and centralized identity management.

FIDO2/WebAuthn

FIDO2 Passwordless via supported browser or desktop login

Certificate-based Authentication

With certificate-based authentication, a user can leverage their YubiKey as a smart card to access PingFederate protected applications.


Derived FIDO2 Credentials

Yubico, Ping Identity, and EntryPoint offer a no-code joint solution to enable phishing-resistant Derived FIDO2 Credentials. A no-code joint solution, YubiKeys can be used to authenticate with Ping Identity to provide modern phishing- resistant MFA based on the FIDO2 and be compliant with the EO.


Stronger together

YubiKey and Ping Identity together offer the best of both worlds—modern, phishing-resistant MFA to protect against account takeovers, as well as a simplified user experience. YubiKeys are also durable, don’t require batteries or need a cellular connection, and are water-resistant and crush-proof. Here are some additional benefits to using YubiKeys with PingFederate together:

shield and arrows
Enhanced security posture with streamlined deployment

PingFederate and the YubiKey add strong authentication to identity platforms to bring a complete, easy-to-scale offering to organizations of all sizes, supported by YubiEnterprise subscription and delivery options.

yubikey in circle
Superior authentication

Ping Identity works with YubiKey 5 FIPS Series, certified FIPS 140-2 validated security keys that meet the highest level of authenticator assurance (AAL3) of NIST SP800-63B guidelines.

user profile
Convenient login for higher employee productivity

Organization can enhance security and simplify logins with PingFederate’s consistent SSO experience and the YubiKey authentication, reducing support calls and downtime.

network lock
Supply chain and customer access

Provide federated support to partners, 3rd party entities and even customers to prevent breaches.

key in browser window
Secure privileged users, mobile-restricted environments

Improve security and productivity for privileged users or those sharing workstations and provide support for remote workers, contractors, air-gapped/isolated networks, cloud services, high-risk military scenarios, and mobile-restricted environments.

laptop bar code
Attestation support

Yubico and Ping Identity work together with EntryPoint’s credential management system and identity binding to provide an off-the-shelf no-code solution that confirms Derived FIDO2 Credentials consistent with NIST SP 800-157 and 800-79-2.

document check
Adaptive and risk-based authentication

Administrators can define advanced authentication, pairing and device posture policies to trigger intelligent step-up MFA or to accept trust within geo-fenced or other defined scenarios.

no password
Enable the bridge to passwordless authentication

Yubico and Ping Identity work together to meet organizations where they are on their journey to passwordless, seamlessly supporting legacy infrastructures with multi-protocol flexibility as well as modern, cloud-based systems that leverage the latest FIDO2/WebAuthn standards.


Derived FIDO2 Credentials for implementing Zero Trust architecture

In addition to protecting government agencies and employees, the EO mandates that organizations working with the federal government also have phishing-resistant authentication for their suppliers and partners. YubiKeys are a perfect solution as they support both types of phishing-resistant authentication—Certificates and FIDO2. Ping Identity, EntryPoint and YubiKeys enable organizations to deploy BYOD, work from home, and first-line worker scenarios by deploying a YubiKey without the need for external hardware.


Are you impacted by EO 14028?

Some organizations may believe that the Executive Order is focused towards federal agencies, but it has critical implications for many regulated and private sector industries such as defense, supply chain, healthcare, technology, and financial services. In March 2022, President Biden called on both state and local governments and the private sector to step up cybersecurity defenses in line with EO 14028 with all urgency, starting with “the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system…”

Zero Trust is the new regulatory minimum for federal agencies. What does that mean for authentication?

white house at night

YubiKeys aid in EO compliance

White House declaration: act now for cybersecurity attack protection
Meeting Zero Trust and phishing-resistant MFA requirements in Memorandum 22-09

compliance federal gov white paper cover with gov building
Modern hardware backed MFA and compliance for Federal Government

Implement YubiKeys with help from Yubico

YES solution brief preview
YubiKey Subscription solution brief
Securing Your Critical Assets in an Ever-Changing Regulatory Environment

Accelerate YubiKey adoption at scale

Get started

YubiKey 5 series

Find the right YubiKey

Contact our sales team for a personalized assessment of your company’s needs.

statue and YubiKey
Get protected today

Browse our online store today and buy the right YubiKey for you.