YubiKey for State and Local Government
Cyber threat protection strategies in state and local government
– Lessons learned from 2020 that can inform cybersecurity planning in the years ahead
– How access management fits into a broader cybersecurity strategy
-How strong authentication practices have strengthened security for remote work, expanded digital services, and more
Zero-trust, secure passwordless and multi-factor authentication for state and local government
YubiKeys provide highest assurance authentication without compromise to help you go passwordless, modernize multi-factor authentication and smart card deployments to ensure only authorized access to sensitive personal information and community services.
Meets Federal Government Compliance Requirements
Manufactured securely in the United States using stringent processes and secure supply chain for trustworthy components, Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically and abroad.
- FIPS 140-2 certified (Certificate #3517) Overall Level 2, Physical Security Level 3
- Validated to NIST SP 800-63-3 Authenticator Assurance Level (AAL) 3 requirements
- Support for DFARS/NIST SP 800-171
- WebAuthn/FIDO/FIDO2 compliant
- Approved for use in DOD Non-Classified and Secret Classified Environments
Easy-to-use, strong authentication
Ensure government compliant, highest assurance multi-factor and passwordless authentication
Government employees and contractors are likely to be targeted by hackers and nation-states, so authentication solutions need to be resistant to phishing and account takeovers, and comply with FIPS 140-2, DFARS and NIST SP 800-63-3 AAL.
YubiKeys offer the best available passwordless and multi-factor authentication against phishing attacks and account takeovers. They are FIPS 140-2 validated to meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines, and are CJIS, WebAuthn, FIDO, FIDO2 and DFARS/NIST SP 800-171 compliant.
Secure services for internal employees and local constituents
State and local government systems contain sensitive information such as social security numbers and citizen data. Internal employees need secure access to this information and external constituents need to seamlessly access citizen services without leaving open attack vectors.
YubiKeys protect hundreds of cloud and on-premises applications and seamlessly integrate with existing Identity Management solutions like Microsoft, Duo, Okta and Ping, giving employees and your constituents a single security key for zero-trust access to government systems and services.
Deploy fast, one-touch authentication for first responders
For first responders like policemen and firemen time is of the essence. First responders need secure and speedy access to machines, VPN and CJIS systems like criminal databases, license plate databases and more.
With the YubiKey, first responders get fast and easy MFA access to protected systems and data via reliable hardware security that does not require a battery or network connectivity. It offers strong one-touch security, and is 4 times faster than typing in an OTP.
Secure sensitive information across elections and political campaigns
YubiKeys protect against domestic and foreign threats by securing sensitive information and high-risk individuals across election networks and political campaigns. They ensure email confidentiality, secure access to laptops, protect voter databases and stop candidate social account takeovers.
YubiKeys protect against domestic and foreign threats by securing sensitive information and high-risk individuals across election networks and political campaigns. They defend global democracy by ensuring email confidentiality, securing access to laptops, protecting voter databases and stopping candidate social account takeovers.
Offer zero-trust security with the best user experience
SMS codes, one-time passwords, and mobile push authenticators require additional cumbersome steps while not being secure. Waiting for and typing in one-time codes, or going through extra steps creates user fatigue and decreases employee productivity.
With YubiKeys, you are no longer forced to choose between strong security and user experience. YubiKeys don’t require connectivity to work and are always available and ready for authentication. Hardware-based zero trust security is combined with an intuitive user experience that’s 4 times faster than SMS.
Reduce password support incidents and lower IT operational costs
Gartner estimates that 20-50% of helpdesk calls are for password resets, and Forrester estimates the cost of each incident to be approximately $70 (source: Best Practices: Selecting, Deploying, and Managing Enterprise Password Managers”, Forrester Research). These costs can increase for state and local government agencies that don’t have large IT teams.
Reducing password-related support incidents saves your agency from high IT operational costs. The YubiKey has been proven to reduce support incidents by up to 92%, saving you money while increasing productivity.
Case in point:
Midwestern U.S. state uses the YubiKey to protect voter registration database
- The state maintains sensitive voter records, which include information such as name, date of birth, address, and voting history.
- Needed a way to ensure voter data is secure against database hacking and up-to-date.
- The YubiKey hardware-based authentication solution chosen to secure all external login requests.
- Key benefits include a highly secure solution to protect voter registration databases, and an easy-to-use solution for its diverse group of users.
- YubiKeys are cost-effective to maintain as they don’t require a battery, power source, or other parts that need to be replaced.
- Deployed more than 1,000 YubiKeys to employees accessing the voter registration database.
- Support for open authentication standards like FIDO U2F and FIDO2 ensures compatibility across all modern browsers.
- Freedom from a proprietary platform that could become obsolete or costly to maintain.
“While the attackers might be the same – we will definitely see nation states and cyber criminals and hacktivists – their motivations to attack a specific campaign would be greater than, say, an attacker who is probing networks, looking for someone who didn’t patch for the latest version of Windows.”
“We should expect to see attacks against election systems, elected officials, and candidates to only increase as the 2020 elections get closer.”
Identify Yourself: Cyber threat protection strategies in state and local government
Lessons learned from 2020 that can inform cybersecurity planning in the years ahead.
Portable root of trust for government
The YubiKey is a portable root for remote workers, non PIV/CAC eligible workers, mobile/BYOD, and shared devices/workstations.
Why 3 government agencies are relying on hardware-based MFA with YubiKeys
America’s government is under attack. To put it more accurately, its governments are under attack, all the time, at every level — federal, state, and local — from opportunistic scammers, sophisticated cybercriminals, and even state actors. We’ve all seen the stories about intelligence services stealing political emails, snooping into election systems, and even penetrating the US power grid. But those are just …