The new YubiKey 5 FIPS Series, which is the only authenticator authorised by the U.S. Government to hold both DoD PKI credentials and FIDO2 passkeys.
Yubico has announced that the next generation of its YubiKey 5 FIPS Series has achieved FIPS 140-3 validation, marking a significant advancement in government-grade cryptographic authentication and phishing-resistant security.
The certification, published by the National Institute of Standards and Technology (NIST) under Certificate #5291, validates the upgraded YubiKey 5 FIPS Series against the latest federal cryptographic security standards.
The move reinforces Yubico’s position in the growing market for hardware-backed authentication technologies designed to support Zero Trust security frameworks and passwordless environments.
The YubiKey 5 FIPS Series is widely deployed across government agencies, defence organisations and regulated industries requiring high-assurance authentication controls.
“Yubico is setting a new standard for high-assurance authentication, combining government-grade compliance with hardware-backed passkeys,” said Albert Biketi, chief product and technology officer at Yubico.
“YubiKey 5 FIPS Series is the only authenticator authorised by the U.S. Government to hold both DoD PKI credentials and FIDO2 passkeys – giving government and regulated organisations a secure bridge to passwordless.” said Biketi,
“With the transition from FIPS 140-2 to FIPS 140-3, government agencies and regulated organisations are moving to a new global standard for cryptographic security – and Yubico is leading this shift with the upgraded YubiKey 5 FIPS Series.” he said.
The transition from FIPS 140-2 to FIPS 140-3 is becoming increasingly important for organisations responsible for protecting sensitive information, including U.S. federal agencies, defence contractors and enterprises operating in heavily regulated sectors.
According to Yubico the YubiKey 5 FIPS Series remains the only authenticator authorised by the U.S. Department of Defense to support both DoD PKI credentials and FIDO2 passkeys on a single hardware device.
The company said the dual capability enables organisations to streamline authentication deployments while strengthening phishing-resistant security protections across environments supporting FIDO2/WebAuthn, PIV/Smart Card authentication, OpenPGP and OATH OTP.
The FIPS 140-3 framework aligns with the international ISO/IEC 19790:2012 cryptographic standard, providing a unified baseline for modern enterprise and government security operations.
Yubico says, the upgraded YubiKey 5 FIPS Series meets FIPS 140-3 Overall Level 2 requirements with Physical Security Level 3 protections and supports compliance with NIST SP 800-63B Authenticator Assurance Level 3 (AAL3) requirements.
The new YubiKey 5.7.4 firmware introduces several enterprise-focused enhancements designed for regulated and high-security environments.
The update includes support for expanded public key algorithms including RSA-3072, RSA-4096 and Ed25519.
It also introduces enhanced PIN complexity requirements across FIDO2, PIV and OpenPGP applications, alongside implementation of the FIDO Client to Authenticator Protocol (CTAP) 2.1 standard.
Additional updates include expanded storage capacity, supporting up to 100 device-bound passkeys, 64 OATH seeds and 24 PIV certificates across the upgraded YubiKey 5 FIPS Series.
The release also adds enterprise attestation capabilities that allow identity providers to retrieve serial numbers during FIDO2 registration.
The upgraded devices also introduce restricted NFC functionality during shipping to prevent tampering during transit and add support for SCP11, a secure channel protocol based on asymmetric cryptography.
The YubiKey 5 FIPS Series will be available in multiple form factors, including USB-A, USB-C, NFC, Lightning and Nano, enabling compatibility across modern laptops, mobile devices and secure closed-network environments.
