Deploying the YubiKey 5 FIPS Series

The YubiKey 5 FIPS Series keys firmware 5.7. is certified under FIPS 140-3 Level 2.

The YubiKey chipset is certified at FIPS 140-3 Physical Security Level 3. This provides both tamper-evidence and tamper-resistance. In turn, this means the YubiKey 5 FIPS Series keys can be used in an Overall Security Level 1 or 2 environment without issue.

NIST SP 800-63-B provides guidance on the level required for your deployment.

Note

• Effective May 2026, YubiKey 5 FIPS Series 5.4.x FIPS 140-2 certification moved to the Sunset List.
• Effective September 22, 2026, All FIPS 140-2 certification will be moved to the Historical List.

The YubiKey 5 FIPS Series keys firmware 5.4.2 and 5.4.3, certified under FIPS 140-2 Level 1 and FIPS 140-2 Level 2, have two certificates, each corresponding to a different level of certification, but both certificates apply to the same keys.

Depending on which certification the YubiKey 5 FIPS Series is being deployed under, there are different requirements and initialization steps for securing the various functions. Each version requires more stringent initialization than the previous level. See the topic for the FIPS version you are using:

• FIPS 140-3 Changes and FIPS 140-3 Configuration
• YubiKey 5 FIPS Series 140-2 Level 2 Changes and Configuration
• FIPS 140-2 Level 1 Configuration