YubiKey 5C NFC FIPS (Firmware 5.7)

The YubiKey 5 FIPS Series (USB-C + NFC, Firmware 5.7) is a government-validated, hardware-based security key delivering the latest FIPS 140-3 cryptographic protection for organisations that require validated (not merely compliant) authentication. Each key has been independently tested by a NIST-accredited laboratory and listed under CMVP Certificate #5291, meeting Authenticator Assurance Level 3 (AAL3) under NIST SP800-63B.

FIPS 140-3 introduces strengthened cryptography including RSA-3072, RSA-4096, Ed25519, and Secure Channel Protocol (SCP11), along with stricter PIN complexity enforcement and enhanced physical security mandates. With multi-protocol support including FIDO2, PIV (Smart Card), Yubico OTP, OATH, and OpenPGP, this key provides unified authentication across modern cloud, hybrid, and legacy environments.

DoD recognition: The YubiKey 5 FIPS Series is uniquely DoD-approved to hold both PKI credentials and FIDO2 passkeys on a single device, with explicit recognition in the 2025 DoD CIO MFA memo and prior 2019 DoD approval for PKI credential storage on YubiKeys.

Note: The YubiKey for Windows Hello app is not compatible with YubiKey FIPS Series devices. Legacy FIDO U2F is disabled on the FIPS Series under FIPS 140-3, and Yubico OTP is a non-Approved function whose use takes the key out of FIPS-approved mode.

FIPS 140-3 Validated Security: Independently validated by a NIST-accredited laboratory (CMVP Certificate #5291) for high-assurance government and enterprise use

Strengthened Cryptography: Supports RSA-2048, RSA-3072, RSA-4096, ECC p256, ECC p384, and Ed25519 under the new 140-3 standard

Multi-Protocol Support: FIDO2/WebAuthn, PIV (Smart Card), OATH (HOTP/TOTP), OpenPGP, and Secure Channel (SCP03/SCP11); Yubico OTP remains available as a non-Approved function

Phishing and Account Takeover Protection: Hardware-backed cryptography eliminates credential theft and remote phishing attacks

Passwordless Authentication: Enables modern, phishing-resistant FIDO2/WebAuthn login across leading identity providers

Enterprise Integration: Seamlessly connects with Microsoft Entra ID, Google Cloud, Okta, AWS IAM, Ping Identity, and Cisco Duo

DoD-Approved Dual Capability: The only DoD-approved authenticator authorised to hold both PKI credentials and FIDO2 passkeys on a single device

Fast, Reliable Access: Authenticates up to 4× faster than OTP or SMS codes with no batteries or network required

Proven Cost Reduction: Reduces password reset requests by up to 92% (based on Google’s enterprise rollout data)

Rugged Design: IP68 rated, crush resistant, waterproof, and built for long-term enterprise deployment

Trusted Worldwide: Used by leading government agencies, financial institutions, and global enterprises

Model: YubiKey 5C NFC FIPS (USB-C, NFC-enabled)

Firmware: 5.7.4

Certifications: FIPS 140-3 (NIST CMVP #5291, Overall Level 2, Physical Security Level 3) | FIDO2 Certified | AAL3 (NIST SP800-63B)

Authentication Methods: Strong Two-Factor | Multi-Factor | Passwordless

FIPS 140-3 Validated Functions: FIDO2/WebAuthn | PIV (Smart Card) | OATH (HOTP/TOTP) | OpenPGP | Secure Channel (SCP03/SCP11)

Non-Approved (use takes the key out of FIPS-approved mode): Yubico OTP | Static Password

Cryptography: RSA 2048 | RSA 3072 | RSA 4096 | ECC p256 | ECC p384 | Ed25519

Connectivity: USB-C | NFC

Durability: IP68 rated | Crush Resistant | No Batteries | No Moving Parts

Device Type: FIDO HID Device | CCID Smart Card | HID Keyboard

UPC/GTIN: To be confirmed

Made in: USA and Sweden (EU)

The YubiKey 5C NFC FIPS (Firmware 5.7) (FIPS 140-3 validated) is compatible with major identity, access, and security platforms supporting FIDO2, PIV, or OTP, including:

• Microsoft Entra ID, Active Directory, Google Cloud Identity, AWS IAM
• Okta, Ping Identity, Cisco Duo, Salesforce
• 1Password, Keeper, Bitwarden, LastPass Premium
• Google Workspace, Dropbox, Microsoft 365, and other enterprise SaaS tools

The YubiKey 5 FIPS Series provides enterprise-grade, compliance-ready protection for organisations requiring validated, hardware-backed authentication under the latest FIPS 140-3 standard.