-
DOD-approved, modern phishing-resistant MFA for modern zero trust use cases
Read the white paper
Home » Industries » YubiKey for Federal Government
Zero Trust security and phishing-resistant MFA for Federal Government
Phishing-resistant multi-factor authentication (MFA) and Zero Trust security architectures are key requirements for federal agencies per Executive Order 14028 on improving the nation’s cybersecurity that was released on May 12, 2021, and the subsequent Office of Management and Budget (OMB) Memo M-22-09, and National Security Memorandum/NSM-8.
Traditionally used PIV and CAC aren’t suitable for federal use cases such as non PIV/CAC eligible users, contractors, DIB, mobile users and Bring Your Own Approved Device (BYOAD), closed/air-gapped networks, and cloud services.
Legacy authentication methods insufficient
Relying on usernames and passwords or legacy mobile-based authenticators causes a security risk as usernames and passwords are easily hacked, and SMS, OTP and push notification apps are highly susceptible to phishing, account takeovers, SIM swaps, and man-in-the-middle (MiTM) attacks.
YubiKey: DOD-approved phishing-resistant MFA
In accordance with Homeland Security Presidential Directive 12 (HSPD 12), Yubico offers the phishing-resistant, FIPS 140-2 validated YubiKey for highest-assurance multi-factor and passwordless authentication. YubiKeys are widely deployed in the US Government with over 150 unique implementations including US Army, US Navy, US Air Force, US Marine Corps, US Space Force, DoD Missile Defense Agency, Federal Bureau of Investigation (FBI), National Security Agency (NSA), Department of Energy and more.
YubiHSM 2 FIPS: Game-changing cryptographic protection for servers & mobility vehicles
Yubico also offers the YubiHSM 2 FIPS, a FIPS 140-2 validated hardware security module in a cost-effective nano model that is optimal for DOD mobility use cases and to providers developing Commercial Systems for Classified (CSfC) solutions at the tactical edge, meeting increasing requirements for an external cryptographic store for root certificates. It has been included in approved CSfC solutions deployed by the US Department of Defense.
Phishing-resistant MFA for Federal Government
Benefits of the phishing-resistant YubiKey
Federal compliant phishing-resistant MFA
YubiKeys offer phishing-resistant security and are FIPS 140-2 validated to meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines, Overall Level 1 (Certificate #3907) and Level 2 (Certificate #3914), Physical Security Level 3. YubiKeys are also WebAUTHN, FIDO, FIDO2 and DFARS, and NIST SP 800-171 compliant.
YubiKeys are approved and meet the DoD Mobile PKI credentials storage requirements per DoD OCIO Memo on Mobile Public Key Infrastructure (PKI) Credentials, 20 December 2019, by meeting FIPS 140-2 Level Security Level 2 overall and Level 3 for Physical Security. In addition, the DoD Office of the CIO (OCIO) Memo on Interim Digital Authentication Guidelines for Unclassified and Secret Classified DoD Networks and Information Systems, 20 August 2018, approved YubiKeys as one of only two commercial alternatives to the PIV/CAC, for use as a MFA token for DoD unclassified and secret classified information systems.
Built for modern DOD and Civilian use cases
The YubiKey supports PIV, CAC, and modern strong credentialing without peripheral devices, enabling phishing-resistant authentication for non-traditional users such as non PIV/CAC eligible and privileged users, BYOD/BYOAD, closed/air-gapped/legacy networks, and Defense Industrial Base (DIB) and coalition partners.
Unlike managing multiple certificates across mobile devices and PIV/CAC cards, a YubiKey with one certificate can be used as a portable root of trust across multiple devices including mobile and BYOD/BYOAD. And unlike mobile-based authenticators, YubiKeys are phishing resistant and purpose built for security, don’t require Government Furnished Equipment (GFE) or a network connection.They are also malware resistant, waterproof, crush-resistant and dustproof.
Support for derived credentials
The YubiKey includes a secure built-in chip that accommodates Purebred derived PIV/CAC requirements for secure credentialing in-line with the technical requirements of NIST SP 800-157.
While derived credentials stored on a device are a security risk, credentials stored on YubiKeys cannot be extracted or tampered with. As a side benefit, if a mobile or computer device is lost or stolen, or a new device issued, the YubiKey can be used as an easy method to establish or re-establish trust with online accounts and re-register the internal authenticator on a new device.
Secure and trustworthy manufacturing
Manufactured securely in the United States using stringent processes and secure supply chain for trustworthy components, Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically and abroad. Yubico works with Sebastian Tech Solutions (STS) for rapid, secure logistics/shipping of YubiKeys directly to employees in the office, in the field, or even at home.
Demo: YubiKey for mobile BYOAD/BYOD authentication
READ THE WHITE PAPER
Modernizing authentication across the Federal Government with phishing-resistant MFA
Read the Yubico white paper to learn how YubiKeys help you meet Zero Trust and phishing-resistant MFA requirements for emerging use cases.
Download now
YubiHSM 2— world’s smallest HSM to secure communications at the tactical edge
Today’s warfighters and the network architects that design the communications networks that they rely on are faced with adversaries that are increasingly sophisticated. It’s critical that sensitive and classified information is secured while in transit and at rest across the supply chain.
Public key cryptography plays a key role in securing this data whether it’s CUI data used throughout the federal government or Secret and Top Secret data secured through the NSA’s Commercial Solutions for Classified program. Turn-key solutions for a PKI environment are crucial in delivering secure data to the warfighters at the tactical edge and remote workers around the globe.
The YubiHSM 2 FIPS is a FIPS 140-2 validated Overall Level 3 (Certificate #3916), hardware security module that is built in a portable nano form factor with low power usage for secure generation and storage of private key data for rugged computers and devices at the tactical edge. Learn more here.
WATCH THE WEBINAR
Implications of outdated federal identity strategies
Learn about the challenges with current ICAM strategies and what’s needed for the makings of a modern federal identity strategy to enable digital modernization and cyber risk reduction.
Procuring Yubico solutions
Yubico solutions are available for procurement through multiple convenient channels.
Engage with our Yubico Public Sector and Channel teams for strategic implementations:
Contact us
Email us
Purchase options:
via GSA or SEWP V contract
Carahsoft Technology Corporation = GSA Multiple Award Schedule Contract # 47QSWA18D008F
Aug 22, 2018- Aug 21, 2028NNG15SC03B/NNG15SC27B
May 01, 2015- Apr 30, 2025W52P1J-20-D-0042
Aug 31, 2020- Aug 30, 2025
*Additional Option Years Available
Immix = GSA Contract # GS-35F-0511T / SEWP V NNG15SC16B (Category A, Group A) & NNG15SC39B (Category B, Group D)DUNS: 046832835
CAGE Code: 6UUE2
As an expert in cybersecurity and multi-factor authentication (MFA) solutions, I bring a wealth of knowledge and experience to the discussion. My expertise is grounded in a deep understanding of the evolving threat landscape, industry standards, and the latest technologies designed to bolster security measures.
In the context of the provided article on "DOD-approved, modern phishing-resistant MFA for modern zero trust use cases," it is evident that the focus is on addressing the cybersecurity challenges faced by federal agencies, particularly in light of Executive Order 14028 and subsequent directives. Let's break down the key concepts discussed in the article:
-
Executive Order 14028 and OMB Memo M-22-09:
- Executive Order 14028, released on May 12, 2021, mandates improvements in the nation's cybersecurity.
- Office of Management and Budget (OMB) Memo M-22-09 outlines additional cybersecurity requirements.
-
Phishing-Resistant MFA and Zero Trust Security:
- Phishing-resistant multi-factor authentication (MFA) and Zero Trust security architectures are highlighted as crucial for federal agencies.
-
Challenges with Traditional Methods:
- Traditional methods such as Personal Identity Verification (PIV) and Common Access Card (CAC) are deemed unsuitable for various federal use cases, including non-eligible users, contractors, mobile users, Bring Your Own Approved Device (BYOAD), closed/air-gapped networks, and cloud services.
-
Legacy Authentication Risks:
- The article points out that relying on usernames, passwords, and legacy mobile-based authenticators poses security risks, including susceptibility to hacking, phishing, account takeovers, SIM swaps, and man-in-the-middle attacks.
-
YubiKey as DOD-Approved Phishing-Resistant MFA:
- Yubico's YubiKey is highlighted as a DOD-approved, phishing-resistant MFA solution.
- It aligns with Homeland Security Presidential Directive 12 (HSPD 12) and is FIPS 140-2 validated for highest-assurance multi-factor and passwordless authentication.
- YubiKeys have widespread adoption across various U.S. Government entities, including military branches, intelligence agencies, and more.
-
YubiHSM 2 FIPS:
- Yubico also offers the YubiHSM 2 FIPS, a FIPS 140-2 validated hardware security module suitable for DOD mobility use cases and Commercial Systems for Classified (CSfC) solutions.
-
Compliance and Security Features:
- YubiKeys are compliant with various standards, including FIPS 140-2, NIST SP800-63B, WebAUTHN, FIDO, FIDO2, DFARS, and NIST SP 800-171.
- They meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines.
-
Use Cases and Flexibility:
- YubiKeys support a range of use cases, including PIV, CAC, and modern strong credentialing, catering to non-traditional users, BYOD/BYOAD, closed/air-gapped/legacy networks, and Defense Industrial Base (DIB).
-
Secure Manufacturing and Procurement:
- Yubico emphasizes secure manufacturing in the United States and a trusted supply chain.
- Yubico solutions are available for procurement through various channels, including GSA contracts and other government-approved options.
In summary, the article provides a comprehensive overview of the challenges faced by federal agencies in implementing modern, secure authentication solutions and highlights Yubico's YubiKey as a robust and DOD-approved option to address these challenges.
