YubiKey for
Federal Government

Modernizing multi-factor authentication for Federal Government
capital building side view

Strong Authentication for U.S. Government Employees

Learn how to attain PIV compliance and the recent U.S. Cybersecurity Executive Order mandates that federal government agencies adopt multi-factor authentication (MFA) within 180 days.

Need to deploy MFA per President Biden’s Executive Order on Improving the Nation’s Cybersecurity? Yubico can help you meet the 180 day deadline with DOD approved strong authentication.

Highest assurance multi-factor authentication for Federal Government

In accordance with Homeland Security Presidential Directive 12 (HSPD 12), YubiKeys provide high assurance authentication without compromise to help you go passwordless, and modernize multi-factor authentication and smart card deployments.

Govies award logo
Astors awards logo

Meets Federal Government Compliance Requirements

Manufactured securely in the United States using stringent processes and secure supply chain for trustworthy components, Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically and abroad.

  • FIPS 140-2, Overall Level 1 (Certificate #3907) and Level 2 (Certificate #3914), Physical Security Level 3
  • Validated to NIST SP 800-63-3 Authenticator Assurance Level (AAL) 3 requirements
  • DOD Cybersecurity Maturity Model Certification (CMMC) Level III compliant
  • Support for DFARS/NIST SP 800-171
  • WebAuthn/FIDO/FIDO2 compliant
  • Approved for use in DOD Non-Classified and Secret Classified Environments
Department of Defense NIST logo
Department of Defense and Homeland Security logos
Fido logo
FIPS 140-2 Validated logo
Cybersecurity Maturity Model Certification logo

Easy-to-use, strong authentication

teal outline of YubiKey and YubiHSM

Deploy federal, NIST compliant, high assurance multi-factor authentication

Government employees and contractors are likely to be targeted by hackers and nation-states, so authentication solutions need to be resistant to phishing and account takeovers, and comply with federal regulations.

The Yubikey is one of only three DoD CIO government approved alternate authenticators that meet DoD’s rigorous cybersecurity requirements. YubiKeys offer the best available security against phishing attacks and account takeovers and are FIPS 140-2 validated to meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines. YubiKeys are also WebAuthn, FIDO, FIDO2, DFARS/NIST SP 800-171 and CMMC compliant, and approved for use in DOD Non-Classified and Secret Classified Environments.

Read why New York Air National Guard is piloting the YubiKey >

teal outline of shield and lock

Ensure strong security for non PIV/non CAC eligible users

Short term contract workers that aren’t eligible for a Personal Identity Verification (PIV) credential or a Common Access Card (CAC) also require secure access to government services and systems. Some users may even require a token that works by itself without additional smart card hardware or software needs.

The YubiKey FIPS Series is PIV compatible and offers Smart Card, OTP, FIDO authentication methods and is the only hardware authenticator to meet DoD contractor security requirements.

Read now: Best practices to secure remote government workers with the YubiKey, a modern PIV/CAC alternative

Deploy highest assurance authentication for mobile derived PIV and BYOD/BYOAD

Mobile derived PIV authentication can result in the need for multiple devices and authentication solutions, and in case of BYOD/BYOAD, puts agencies on point to reimburse employees for mobile costs leading to additional expenses.

YubiKeys accommodate derived PIV/CAC requirements, eliminating device-based authentication and minimizing BYOD/BYOAD reimbursement costs. A single security key can be used to securely authenticate users to applications and services across multiple government issued or personal devices such as laptops, desktops, tablets, and mobiles, making it a cost-effective solution.

Read now: YubiKey for mobile in the public sector

teal outline of 3 users and a key

Modernize authentication for privileged users

New and varied threat vectors put privileged users like key government officials, and security, network and database admins at great risk. The majority of security breaches involve misuse of privileged credentials. This creates ready access to sensitive information like defense plans, budgets, strategic planning docs, PII/PHI which can cripple the government.

YubiKeys bridge legacy MFA to modern protocols such as FIDO2 and WebAuthn. The YubiKey’s hardware design enables the authentication secret to be stored on a separate secure chip built into the YubiKey, so it cannot be copied or stolen. This offers the highest security for authenticating privileged users.

teal outline of shield and checkmark

Secure user access to closed/air gap networks

Air gap networks are closed off from the outside, making it difficult to authenticate users using data sent over a network. Passwords aren’t the most secure authentication method, and smart cards need additional readers which can be expensive and add to security concerns of the air gap network.

YubiKeys don’t need any network connectivity, cellular connection or batteries to work. YubiKeys ensure that air gap networks stay secured against breaches by providing a multi-factor authentication solution that works well in network isolated and mobile restricted environments. With a YubiKey, users can be authenticated without transfer of information across a Cross Domain Solution (CDS).

teal outline of monitor with users

Deliver the best user experience

SMS, one time passwords and mobile authenticators are cumbersome to use and hinder productivity. They are also easily breached via man-in-the-middle phishing attacks. The top two data breach attack vectors today are phishing attacks and stolen credentials (source: Verizon 2019 Data Breach Investigation Report).

YubiKeys offer the best of both worlds – the best available security against phishing attacks and account takeovers, as well as the best user experience. To authenticate, users simply tap/touch their security key. YubiKeys also don’t require batteries, have no breakable screens, don’t need a cellular connection, and are water-resistant and crush-proof.

Read now: Going passwordless in the public sector with FIDO2/WebAuthn

YubiKey FIPS series keys

Procuring YubiKeys

YubiKeys are available for procurement through multiple convenient channels
Engage with the YubiKey Public Sector team for strategic implementations
Address: Yubico Inc. 530 Lytton Ave #301, Palo Alto, CA 94301-1541
Purchase via GSA or SEWP V contract
RockITek = GSA Contract # 47QTCA19D0085
Immix = GSA Contract # GS-35F-0511T / SEWP V NNG15SC16B (Category A, Group A) & NNG15SC39B (Category B, Group D)
DUNS: 046832835
CAGE Code: 6UUE2

Get Started

YubiKey FIPS family shot
Find the right YubiKey

Contact our sales team for a personalized assessment of your organization’s needs.

YubiKey in front of momument
Get protected today

Browse our online store today and buy the right YubiKey for you.


Recommended content

Thumbnail

Strong Authentication for U.S. Government Employees

Learn how to attain PIV compliance and the recent U.S. Cybersecurity Executive Order mandates that federal government agencies adopt multi-factor authentication (MFA) within 180 days.

Thumbnail

Seven tips if you’re still scratching your head after reading Biden’s cybersecurity executive order

Yubico works with a lot of federal agencies and contractors, as well as with customers in regulated industries, so we understand the challenges new compliance regulations can bring. The executive order that was released May 12 can be seen as the federal government fully embracing the move toward multi-factor authentication (MFA) for use cases where

Thumbnail

New-Era Authentication: For Federal Zero Trust Initiative

Read the SNG Fedscoop Report on new era authentication and how it aligns with the new White House Executive Order on protecting the nation’s cybersecurity.

Thumbnail

The YubiKey 5 FIPS Series is here and there are 5 things you need to know

Today, we’re thrilled to announce yet another product milestone in addition to the launch of YubiHSM 2 FIPS — the long-awaited YubiKey 5 FIPS Series is now generally available. It is the industry’s first set of multi-protocol security keys with support for FIDO2 and WebAuthn, along with smart card (PIV/CAC), to receive FIPS 140-2 validation, Overall