SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Yubico seeks FIPS 140-3 validation for YubiKey 5 series

Fri, 15th Nov 2024

Yubico is taking steps to achieve FIPS 140-3 validation for its YubiKey 5 FIPS Series by submitting it to the Cryptographic Module Validation Program (CMVP).

Jeff Wallace, a representative from Yubico, stated, "We're excited to share that the YubiKey 5 FIPS Series latest 5.7.4 firmware has completed testing by our NIST accredited testing lab, and will be submitted to the Cryptographic Module Validation Program (CMVP) for FIPS 140-3 validation, Overall Level 2 and Physical Level 3. This marks a significant milestone in our ongoing commitment to providing high-assurance security solutions to government agencies and highly regulated industries while aligning with the latest regulatory standards."

Yubico remains engaged with a significant number of clients who depend on the YubiKey 5 FIPS Series for security against advanced phishing attacks and compliance with recent government and industry regulations. The progression towards FIPS 140-3 validation aims to offer robust, phishing-resistant security in accordance with CMVP recommendations, helping organisations meet the strict compliance requirements specified in the NIST SP 800-63B guidance.

Upon receiving certification from CMVP, the updated keys from the YubiKey 5 FIPS Series will be available in the same form factors as the previously validated YubiKey 5 FIPS Series under FIPS 140-2 standards. The new iterations will include enterprise-focused features present in the recently updated YubiKey 5 Series keys, released in early 2024, which feature the 5.7 firmware.

The enhanced features of the YubiKey 5.7 firmware include increased PIN complexity across all applications, such as FIDO2, PIV, and OpenPGP; enterprise attestation for unique identification during FIDO2 registration; improved FIDO Client to Authenticator Protocol (CTAP) 2.1; and expanded passkey and passwordless storage capabilities.

Moreover, the public key algorithm support has been expanded to accommodate larger RSA keys (RSA-3072 and RSA-4096) and Ed25519, reflecting key management needs and aligning with Department of Defense memo requirements concerning stronger public key algorithms.

Security measures also include restricted NFC usage during transit for NFC-capable YubiKeys to prevent alterations. The YubiKey 5 FIPS Series will also be submitted for FIDO Level 2 (L2) certification simultaneously.

Yubico continues to support both its current and potential FIPS customers, providing updates on the progress of the YubiKey 5 FIPS Series certification, with information available on the CMVP's Module-in-Process List. Updates concerning YubiHSM 2 firmware for FIPS 140-3 certification will be released as they become available.
