Yubico Solutions for the Public Sector

The YubiKey 5 FIPS Series is a FIPS 140-2 validated lineup that supports strong multi-factor and passwordless authentication, enabling government agencies and regulated industries to meet the highest authenticator assurance level 3 (AAL3) requirements from the NIST SP800-63B guidance. Multiple authentication and cryptographic protocols are supported, including FIDO2/WebAuthn, FIDO U2F, PIV Smart Card, and Yubico OTP. Many of the highest risk and security conscious organizations in the world trust the YubiKey 5 FIPS Series to protect employee access to computers, networks, and online services.

• DoD Office of the CIO (OCIO) Memo, 20 August 2018: Approved YubiKeys as one of only two commercial alternatives to the PIV/CAC, for use as a MFA token for DoD unclassified and secret classified information systems and applications.
• DoD OCIO Memo on Mobile Public Key Infrastructure (PKI) Credentials, 19 December 2019: Approved YubiKeys as a mobile authenticator for issuance of DoD Mobile PKI credentials.
• Available on Department of Homeland Security, Continuous Diagnostics and Mitigation (CDM) as a preferred authenticator to meet OMB Memorandum M-19-17.
• FIPS 140-2 validated: Meets Authentication Assurance Level 3 requirements (AAL3) of NIST SP800-63B.
• WebAuthn, FIDO, FIDO2, DFARS/NIST SP 800-171 and CMMC compliant.
• Supports Defense Information Systems Agency (DISA) Purebred derived credentials for secure credentialing of BYOD/BYOAD mobile devices.
• Derived-PIV support with most of the major CMS/CA vendors that are in use across federal civilian and in conjunction with the GSA USAccess Program.
• Multiple authentication protocols on a single key— PIV/CAC, OTP, FIDO U2F, FIDO2/WebAuthn.
• Uses: laptops, desktops, all mobile devices.
• Secure United States manufacturing and supply chain for trustworthy components, using stringent processes.
• Strong authentication for non-traditional users: Non PIV/CAC eligible and privileged users, BYOD/BYOAD, closed/air-gapped/legacy networks and Defense Industrial Base and coalition partners.

As the smallest hardware security module in the world, the YubiHSM 2 is available as a FIPS 140-2 validated, Level 3 solution. It ensures uncompromised cryptographic hardware security for servers, applications, databases, assembly lines, IoT devices, and cryptocurrency exchanges at a fraction of the cost and size of traditional HSMs. Organizations can rapidly integrate the hardware security offered by either HSM option using the open source SDK 2.0 and ensure iron clad protection of high volume and sensitive transactions. The YubiHSM enables organizations of all sizes to enhance cryptographic key security throughout the entire lifecycle, reduce risk and ensure adherence with compliance regulations. With the YubiHSM SDK 2.0 available as open source, organizations can easily and rapidly integrate support for the secure HSM into a wide range of platforms and systems for existing and emerging use cases where strong security is more critical than ever before.

● High quality - Built to last. IP68 rated (water and dust resistant), crush resistant, no batteries required, no moving parts.

● Rapid Integration, Easy Management - Custom application support using open source libraries. Interfaces via YubiHSM KSP, PKCS#11, and native libraries.

● Form-factor - “Nano” for discrete in-port retention. USB-A connector for standard 1.0, 2.0 and 3.0 ports. Designed for low-power usage.

● Securely manufactured - From component sourcing through manufacturing, Yubico ensures the highest levels of security. Made in the USA & Sweden.

● NIST Certification - FIPS 140-2 validated (Overall Level 2, Physical Security Level 3)