Weโre excited to share that theย YubiKey 5 FIPS Seriesย latest 5.7.4 firmware has completed testing by ourย NIST accredited testing lab, and will be submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-3 validation, Overall Level 2 and Physical Level 3. This marks a significant milestone in our ongoing commitment to providing high-assurance security solutions to government agencies and highly regulated industries while aligning with the latest regulatory standards.
Yubico has a large number of customers that rely on our YubiKey 5 FIPS Series security keys to keep their organisations secure from increasingly sophisticated phishing attacks, as well as stay compliant to the latest government and industry regulations. The next steps in our journey toward FIPS 140-3 validation ensures the strongest phishing-resistant security for our customers will be available and in line with CMVP recommendations for transitioning, thus allowing organisations to meet strict compliance requirements with the highest authenticator assurance level 3 (AAL3) requirements from the NIST SP800-63Bย guidance.
Once certified by CMVP, the newly updated YubiKey 5 FIPS Series keys will be available in all the sameย form factorsย as the prior FIPS 140-2 validated YubiKey 5 FIPS Series. Aligned with our recently updated YubiKey 5 Series keys released in early 2024 withย 5.7 firmware, YubiKey 5 Series FIPS keys include a number of enterprise-focused features for customers that also require FIPS certified authenticators. The newly enhanced enterprise-focused features within the YubiKey 5.7 firmware include:
- Enhanced PIN complexity enabled by defaultย across all YubiKey applications, including FIDO2, PIV, and OpenPGP.
- Enterprise attestationย facilitates the retrieval of unique identifiers during FIDO2 registration and streamlining asset tracking by allowing identity providers to read the serial number from the YubiKey during FIDO2 registration.
- FIDO Client to Authenticator Protocol (CTAP) 2.1 implementationย brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, addressing PIN requirements in โenroll on behalfโ scenarios.
- Expanded passkey and passwordless storage capabilitiesย โ accommodating up to 100 device-bound passkeys (up from 25), 64 OATH seeds (up from 32), 24 PIV certificates, and 2 OTP seeds at once for a total of 190 credentials.
- Expansion and enhancement of public key algorithms, including support for larger RSA keys (RSA-3072 and RSA-4096) and Ed25519, key types enhances key management functions and flexibility for organisations, aligning with DoD memo requirementsย on stronger public key algorithms
- Restricted NFC usage during transitย โ NFC capable YubiKeys have restricted NFC usage to prevent manipulation during transit. Read moreย here.
- FIDO Level 2 (L2) certificationย โ at the same time of submission, the YubiKey 5 FIPS Series will also be submitted for FIDO L2 certification.
Yubico is committed to supporting our current and future FIPS customers.
To stay up to date on the YubiKey 5 FIPS Series certification progress, please visit theย CMVPโs Module-in-Process List. Yubico will continue to release information and updates regarding YubiHSM 2 firmware for FIPS 140-3 certification as details become available.