Yubico is hoping to give its customers more confidence in its security solutions. To that end, the company has officially submitted its YubiKey 5 Series firmware to the Cryptographic Module Validation Program (CMVP) for FIPS 140-2 Overall Level 2 (and Physical Security Level 3) certification. The decision was made after the firmware was vetted by Yubico’s own NIST accredited testing lab.
Yubico also plans to follow up with additional FIPS 140-2 submissions. The YubiKey 5 Series will be submitted for Level 1 certification, while the firmware in the YubiHSM 2 Hardware Security Module (HSM) will be submitted for FIPS Level 3.
Once the Security Level 3 testing is complete, organizations will be able to use the YubiKey 5 to fulfill the security requirements of the Federal Risk and Authorization Management Program (FedRAMP) and the Defense Federal Acquisition Regulation Supplement (DFARS). According to Yubico, the 5 series will be the first FIDO2 security keys to achieve FIPS 140-2 certification.
The YubiKey 5 series includes the YubiKey 5 NFC, the 5Ci, the 5C Nano, and the 5 Nano. When it debuts, the upcoming YubiKey 5C NFC will also join the 5 portfolio. Yubico’s various hardware offerings are available through the company’s new YubiEnterprise Delivery Service.