Phishing-resistant MFA for Department of Defense

    DOD-approved, modern phishing-resistant MFA for emerging zero trust use cases

    Zero Trust security and phishing-resistant MFA for Department of Defense


    Phishing-resistant multi-factor authentication (MFA) and Zero Trust security architectures are key requirements for the DOD per Executive Order 14028 on improving the nation’s cybersecurity and the subsequent National Security Memorandum NSM-8.

    While CAC meets the highest assurance of multi-factor authentication (MFA) when using DOD Public Key Infrastructure (PKI), there are a growing number of scenarios that have the same assurance requirements where CAC is not available or practical. These scenarios include secure access for telework, BYOAD (Bring Your Own Approved Devices), non-CAC-eligible coalition and mission partner environments, air-gapped/isolated networks, shared devices and tactical scenarios overseas where relying on a CAC may inadvertently reveal identities. There is a growing need for cost-effective, turnkey solutions to address the needs of today and future-proof against the authentication needs of tomorrow, including those currently under DOD policy review such as Fast Identity Online (FIDO) authentication standards.

    Yubico offers the YubiKey FIPS, a DOD-approved hardware security key. YubiKeys are widely deployed in the US Government, with over 150 unique implementations including US Army, US Navy, US Air Force, US Marine Corps, US Space Force, DOD Missile Defense Agency and more.

    Yubico also offers the YubiHSM 2 FIPS, a FIPS 140-2 validated hardware security module in a cost-effective nano model that is optimal for DOD mobility use cases and for providers developing Commercial Solutions for Classified (CSfC) solutions at the tactical edge, meeting increasing requirements for an external cryptographic store for root certificates. It has been included in approved CSfC solutions deployed by the US Department of Defense.

    YubiKey across the U.S. Department of Defense

    Modern authentication for the Department of the Air Force
    Modern authentication for the modern naval war fighter
    Modern authentication for the Army

    Benefits of the phishing-resistant YubiKey

    DOD-compliant phishing-resistant MFA

    YubiKeys offer phishing-resistant security and are FIPS 140-2 validated to meet the highest authentication assurance level (AAL3) requirements of the NIST SP 800-63B guidelines: Overall Level 1 (Certificate #3907) and Level 2 (Certificate #3914), Physical Security Level 3. YubiKeys are also WebAuthn, FIDO, FIDO2, DFARS and NIST SP 800-171 compliant.

    YubiKeys are approved and meet the DOD Mobile PKI credentials storage requirements per the DOD OCIO Memo on Mobile Public Key Infrastructure (PKI) Credentials, 20 December 2019, by meeting FIPS 140-2 Security Level 2 overall and Level 3 for Physical Security. In addition, the DOD Office of the CIO (OCIO) Memo on Interim Digital Authentication Guidelines for Unclassified and Secret Classified DOD Networks and Information Systems, 20 August 2018, approved YubiKeys as one of only two commercial alternatives to the CAC for use as an MFA token for DOD unclassified and secret classified information systems.

    Built for modern use cases

    The YubiKey supports CAC and modern strong credentialing without peripheral devices, enabling phishing-resistant authentication for non-traditional users such as non-CAC-eligible and privileged users, BYOD/BYOAD, closed/air-gapped/legacy networks, and Defense Industrial Base (DIB) and coalition partners.

    Unlike managing multiple certificates across mobile devices and CAC cards, a YubiKey with one certificate can be used as a portable root of trust across multiple devices including mobile and BYOD/BYOAD. And unlike mobile-based authenticators, YubiKeys are phishing resistant and purpose built for security, and don’t require Government Furnished Equipment (GFE) or a network connection. They are also malware resistant, waterproof, crush-resistant and dustproof, and have no amplifying information.

    Support for derived credentials

    The YubiKey includes a secure built-in chip that accommodates Purebred derived CAC requirements for secure credentialing in line with the technical requirements of NIST SP 800-157.

    While derived credentials stored on a device are a security risk, credentials stored on YubiKeys cannot be extracted or tampered with. As a side benefit, if a mobile or computer device is lost or stolen, or a new device issued, the YubiKey can be used as an easy method to establish or re-establish trust with online accounts and re-register the internal authenticator on a new device.

    Secure and trustworthy manufacturing

    Manufactured securely in the United States using stringent processes and secure supply chain for trustworthy components, Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically and abroad, ensuring rapid, secure logistics/shipping of YubiKeys directly to employees in the office, in the field, or even at home.

    WHITE PAPER

    Modernizing authentication across the Department of Defense with phishing-resistant MFA

    Learn how YubiKeys help meet Zero Trust and phishing-resistant MFA requirements for emerging use cases.

    YubiHSM 2—world’s smallest HSM to secure communications at the tactical edge

    Today’s warfighters and the network architects that design the communications networks that they rely on are faced with adversaries that are increasingly sophisticated. It’s critical that sensitive and classified information is secured while in transit and at rest across the supply chain.

    Public key cryptography plays a key role in securing this data whether it’s CUI data used throughout the federal government or Secret and Top Secret data secured through the NSA’s Commercial Solutions for Classified program. Turn-key solutions for a PKI environment are crucial in delivering secure data to the warfighters at the tactical edge and remote workers around the globe.

    The YubiHSM 2 FIPS is a FIPS 140-2 validated, Overall Level 3 (Certificate #3916) hardware security module built in a portable nano form factor with low power usage, for secure generation and storage of private key data on rugged computers and devices at the tactical edge.


    Procuring Yubico Solutions

    Yubico solutions are available for procurement through multiple convenient channels.

    Engage with our Yubico Public Sector and Channel teams for strategic implementations.

    Purchase options:


    via GSA or SEWP V contract

    Carahsoft Technology Corporation = GSA Multiple Award Schedule, Contract # 47QSWA18D008F (Aug 22, 2018 - Aug 21, 2028)
    NASA SEWP V: NNG15SC03B/NNG15SC27B (May 01, 2015 - Apr 30, 2025)
    ITES-SW2: W52P1J-20-D-0042 (Aug 31, 2020 - Aug 30, 2025)

    *Additional Option Years Available

    Immix = GSA Contract # GS-35F-0511T / SEWP V NNG15SC16B (Category A, Group A) & NNG15SC39B (Category B, Group D)

    DUNS: 046832835


    CAGE Code: 6UUE2
