Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #5291

Details

Module Name
YubiKey 5 Cryptographic Module
Standard
FIPS 140-3
Status
Active
Sunset Date
5/21/2031
Overall Level
2
Caveat
When operated in approved mode; When installed, initialized and configured as specified in Section 11.1 of the Security Policy; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.
Security Level Exceptions
  • Operational environment: N/A
  • Physical security: Level 3
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Module Type
Hardware
Embodiment
SingleChip
Description
The YubiKey 5 Cryptographic Module (the module) is a single-chip module validated at FIPS 140-3 Security Level 2. The module is a secure element that supports multiple protocols designed to be embedded in USB and/or NFC security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence in addition to PIN for smart card authentication. The module implements several major functions - FIDO, PIV-compatible smart card, OpenPGP smart card, OATH authentication, Security Domain, and YubiHSM Auth.

Vendor

Yubico, Inc.
5201 Great America Parkway
ste 122
Santa Clara, CA 95054
United States

FIPS certification team
[email protected]
Phone: 1-650-285-0088

Related Files

Security Policy

Validation History

Date Type Lab
5/22/2026 Initial Penumbra Security, Inc.