Re: FIPS 140-2 Certification of NEO?

2015-09-15T11:34:18+01:00

Any yubico people able to respond to this? There is a lot of pressure in the wake of US Govt hacking incidents to tighten up security. We currently use Yubikeys and I want to continue to use them, but I need supporting documentation to sell the PIV yubikeys up the line. If I can't make that happen, I will have to investigate other PIV solutions and engineer a changeover.

Thanks.

Statistics: Posted by mprinkey — Tue Sep 15, 2015 11:34 am

FIPS 140-2 Certification of NEO?

2015-09-09T16:54:38+01:00

The Standard and Nano have been FIPS 140-2 certified to Level 1. Will the Yubico be seeking similar certification for the NEO and if so, what level of certification do to anticipate it receiving? In particular, do you anticipate that it could meet the requirements of NIST SP 800-63-1 Level 4?

Quote:

Level 4 – Level 4 is intended to provide the highest practical remote network authentication assurance. Level 4 authentication is based on proof of possession of a key through a cryptographic protocol. At this level, in-person identity proofing is required. Level 4 is similar to Level 3 except that only “hard” cryptographic tokens are allowed. The token is required to be a hardware cryptographic module validated at Federal Information Processing Standard (FIPS) 140-2 Level 2 or higher overall with at least FIPS 140-2 Level 3 physical security. Level 4 token requirements can be met by using the PIV authentication key of a FIPS 201 compliant Personal Identity Verification (PIV) Card.

Statistics: Posted by mprinkey — Wed Sep 09, 2015 4:54 pm

Yubico Forum

Re: FIPS 140-2 Certification of NEO?

FIPS 140-2 Certification of NEO?