Yubico Solutions for the Public Sector

YubiEnterprise Subscription - Procurement that’s fast, predictable and cost-effective

Organizations can derive greater value from their strong authentication investment by considering a subscription purchase as compared to a perpetual license purchase. With YubiEnterprise Subscription, available as a Plus or Standard enterprise plan, an organization can give their users greater choice of YubiKey form factors, and has access to additional features such as buffer stock, discounts on backup YubiKeys, key replacements, extended warranty, Professional Services entitlements and many others—all with predictable OPEX spending that allows for a one-time funding request to help to more confidently navigate the changing cyberthreat and compliance landscape.

YubiEnterprise Subscription simplifies how businesses procure, upgrade, and support YubiKeys. Subscription is available to customers with over 500 users.

• Access Yubico experts with always-on technical support
• Upgrade easily to the latest YubiKeys as they become available
• Experience predictable OpEx spending by purchasing YubiKeys on a per user basis

YubiKey 5 FIPS Series

The YubiKey 5 FIPS Series is a FIPS 140-2 validated lineup that supports strong multi-factor and passwordless authentication, enabling government agencies and regulated industries to meet the highest authenticator assurance level 3 (AAL3) requirements from the NIST SP800-63B guidance. Multiple authentication and cryptographic protocols are supported, including FIDO2/WebAuthn, FIDO U2F, PIV Smart Card, and Yubico OTP. Many of the highest risk and security conscious organizations in the world trust the YubiKey 5 FIPS Series to protect employee access to computers, networks, and online services.

• DoD Office of the CIO (OCIO) Memo, 20 August 2018: Approved YubiKeys as one of only two commercial alternatives to the PIV/CAC, for use as a MFA token for DoD unclassified and secret classified information systems and applications.
• DoD OCIO Memo on Mobile Public Key Infrastructure (PKI) Credentials, 19 December 2019: Approved YubiKeys as a mobile authenticator for issuance of DoD Mobile PKI credentials.
• Available on Department of Homeland Security, Continuous Diagnostics and Mitigation (CDM) as a preferred authenticator to meet OMB Memorandum M-19-17.
• FIPS 140-2 validated: Meets Authentication Assurance Level 3 requirements (AAL3) of NIST SP800-63B.
• WebAuthn, FIDO, FIDO2, DFARS/NIST SP 800-171 and CMMC compliant.
• Supports Defense Information Systems Agency (DISA) Purebred derived credentials for secure credentialing of BYOD/BYOAD mobile devices.
• Derived-PIV support with most of the major CMS/CA vendors that are in use across federal civilian and in conjunction with the GSA USAccess Program.
• Multiple authentication protocols on a single key— PIV/CAC, OTP, FIDO U2F, FIDO2/WebAuthn.
• Uses: laptops, desktops, all mobile devices.
• Secure United States manufacturing and supply chain for trustworthy components, using stringent processes.
• Strong authentication for non-traditional users: Non PIV/CAC eligible and privileged users, BYOD/BYOAD, closed/air-gapped/legacy networks and Defense Industrial Base and coalition partners.

FIPS 140-2 Validated Security Keys

Meets stringent compliance requirements for highly security-conscious organizations.

Superior Authentication

FIPS 140-2 Validated (Overall Levels 1 and 2, Physical Security Level 3) and compliant with NIST SP800-63B guidance for the highest Authenticator Assurance Level 3 (AAL3).

Easy, Fast, Reliable

The hardware authenticator provides one-touch strong authentication and does not require a battery or network connection.

 

Reduces IT Costs

Reduces password-related support incidents by 92% and significantly cuts IT support costs.

YubiHSM 2 FIPS

As the smallest hardware security module in the world, the YubiHSM 2 is available as a FIPS 140-2 validated, Level 3 solution. It ensures uncompromised cryptographic hardware security for servers, applications, databases, assembly lines, IoT devices, and cryptocurrency exchanges at a fraction of the cost and size of traditional HSMs. Organizations can rapidly integrate the hardware security offered by either HSM option using the open source SDK 2.0 and ensure iron clad protection of high volume and sensitive transactions. The YubiHSM enables organizations of all sizes to enhance cryptographic key security throughout the entire lifecycle, reduce risk and ensure adherence with compliance regulations. With the YubiHSM SDK 2.0 available as open source, organizations can easily and rapidly integrate support for the secure HSM into a wide range of platforms and systems for existing and emerging use cases where strong security is more critical than ever before.

• High quality - Built to last. IP68 rated (water and dust resistant), crush resistant, no batteries required, no moving parts.
• Rapid Integration, Easy Management - Custom application support using open source libraries. Interfaces via YubiHSM KSP, PKCS#11, and native libraries.
• Form-factor - “Nano” for discrete in-port retention. USB-A connector for standard 1.0, 2.0 and 3.0 ports. Designed for low-power usage.
• Securely manufactured - From component sourcing through manufacturing, Yubico ensures the highest levels of security. Made in the USA & Sweden.
• NIST Certification - FIPS 140-2 validated (Overall Level 2, Physical Security Level 3)

Not Your Traditional HSM

The world’s smallest HSM secures modern infrastructures other traditional HSMs with a bigger footprint can’t.

Enhanced Protection for Cryptographic Keys

Secure generation, storage, and management of digital keys.

Rapid Integration with Hardware-backed Security

A complete open-source cryptographic toolkit with support for PKCS#11.

 

Simplified Deployment for Organizations of All Sizes

Its ultra-portable design and affordable price make it ideal for securing a wide range of both established and emerging use cases.