Yubico submits YubiKey 5 FIPS Series for FIPS 140-3 validation

We're excited to share that the YubiKey 5 FIPS Series latest 5.7.4 firmware has completed testing by our NIST accredited testing lab, and has been submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-3 validation, Overall Level 2 and Physical Level 3. This marks a significant milestone in our ongoing commitment to providing high-assurance security solutions to government agencies and highly regulated industries while aligning with the latest regulatory standards.

Yubico has a large number of customers that rely on our YubiKey 5 FIPS Series security keys to keep their organizations secure from increasingly sophisticated phishing attacks, as well as stay compliant to the latest government and industry regulations. The next steps in our journey toward FIPS 140-3 validation ensures the strongest phishing-resistant security for our customers will be available and in line with CMVP recommendations for transitioning, thus allowing organizations to meet strict compliance requirements with the highest authenticator assurance level 3 (AAL3) requirements from the NIST SP800-63B guidance.

Once certified by CMVP, the newly updated YubiKey 5 FIPS Series keys will be available in all the same form factors as the prior FIPS 140-2 validated YubiKey 5 FIPS Series. Aligned with our recently updated YubiKey 5 Series keys released in early 2024 with 5.7 firmware, YubiKey 5 Series FIPS keys include a number of enterprise-focused features for customers that also require FIPS certified authenticators. The newly enhanced enterprise-focused features within the YubiKey 5.7 firmware include:

• Enhanced PIN complexity enabled by default across all YubiKey applications, including FIDO2, PIV, and OpenPGP.
• Enterprise attestation facilitates the retrieval of unique identifiers during FIDO2 registration and streamlining asset tracking by allowing identity providers to read the serial number from the YubiKey during FIDO2 registration.
• FIDO Client to Authenticator Protocol (CTAP) 2.1 implementation brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, addressing PIN requirements in "enroll on behalf" scenarios.
• Expanded passkey and passwordless storage capabilities - accommodating up to 100 device-bound passkeys (up from 25), 64 OATH seeds (up from 32), 24 PIV certificates, and 2 OTP seeds at once for a total of 190 credentials.
• Expansion and enhancement of public key algorithms, including support for larger RSA keys (RSA-3072 and RSA-4096) and Ed25519, key types enhances key management functions and flexibility for organizations, aligning with DoD memo requirements on stronger public key algorithms
• Restricted NFC usage during transit - NFC capable YubiKeys have restricted NFC usage to prevent manipulation during transit. Read more here.
• FIDO Level 2 (L2) certification - at the same time of submission, the YubiKey 5 FIPS Series will also be submitted for FIDO L2 certification.

Yubico is committed to supporting our current and future FIPS customers. To stay up to date on the YubiKey 5 FIPS Series certification progress, please visit the CMVP's Module-in-Process List. Yubico will continue to release information and updates regarding YubiHSM 2 firmware for FIPS 140-3 certification as details become available.

Contact your Yubico representative or our sales team for any questions related to getting access to the YubiKey 5 FIPS Series 'release candidate' keys for your organization today.