This page is intended to help Authenticator Vendors understand the required pieces of Authenticator Certification and different FIDO Certification scenarios. Such scenarios can be applicable during an authenticator’s initial certification, known as a base Certification, and when planning for and budgeting certification fees for multiple models or versions of a product line. They should also be considered for certification maintenance and changes that could occur during a Certified product’s lifetime.
Certification Scenarios
# | Authenticator | Functional Conformance Self-Validation Testing | Functional Interoperability Testing | Security Evaluation | FIDO Fees |
1 | FIDO Certified Authenticator that wants L1 Certification | Required | Required (New L1 Interoperability Requirements) |
Required – Security Secretariat | Functional + L1 |
2 | FIDO Certified Authenticator that wants L2 Certification | Not Required | Not Required | Required – Accredited Security Lab | L2 |
3 | FIDO Certified Authenticator that wants a Derivative Certification (until November 23, 2018*) |
Required | Not Required (Derivative) | Required – Security Secretariat | Derivative |
4 | FIDO Certified Authenticator that wants a Derivative Certification (after November 23, 2018*) |
Required | Required – Base Certification must be L1 Certified, at minimum | Required – Security Secretariat | Functional + L1 (for Base Certification) + Derivative |
5 | New Authenticator that wants L1 Certification | Required | Required | Required – Security Secretariat | Functional + L1 |
6 | L1 Authenticator that wants a Derivative Certification | Required | Not Required (Derivative) | Not Required | Derivative |
7 | L1 Authenticator that wants an L2 Certification | Not Required | Not Required | Required – Accredited Security Lab | Functional + L2 |
8 | L1 Authenticator that wants a Delta Certification | Not Required | Not Required | Required – Security Secretariat (Delta) | Delta |
9 | New Authenticator that wants L2 Certification | Required | Required | Required – Accredited Security Lab | Functional + L2 |
10 | L2 Authenticator that wants a Derivative Certification | Required | Not Required (Derivative) | Not Required | Derivative |
11 | L2 Authenticator that wants a Delta Certification | Not Required | Not Required | Required – Accredited Security Laboratory (Delta) | Delta |
* On November 23, 2018, Level 1 (L1) security certification will be the minimum requirement for all FIDO Authenticators. When filing for a Derivative Authenticator certification after this date, the base Certification must be at least L1 Certified.