LANGUAGE
  • 日本語
  • 한국어
  • 简体中文
  • English
  • What is FIDO?
  • Specifications
  • FAQ’s
  • Knowledge Base
  • Join
FIDO Alliance
  • The Alliance
    About FIDO Alliance
    • Alliance Overview
    • History of FIDO Alliance
    • FIDO Leadership
    • Legal & Logo Usage
    • Code of Conduct
    • Contact Us
    Our Membership
    • FIDO Members
    • Liaison Partners
    • Working Groups
    • Committees and Study Groups
    Join FIDO Alliance
    • Membership Benefits
    • Membership Application
    Newsletter Sign-Up
    FIDO Explained
  • Standards & Technology
    Work Areas
    • FIDO Authentication
    • Identity Verification & Binding
    • Internet of Things
    FIDO Authentication
    • How FIDO Works
    • Passkeys
    • FIDO2
    • FIDO Alliance Metadata Service
    • FIDO Privacy Principles
    • FIDO Design System
    • FIDO UX Guidelines
    Specifications
    • User Authentication Specifications Overview
    • Download Authentication Specifications
    • IoT Specifications Overview
    • Download IoT Specifications
    Developers
    • Getting Started
    • Developer Resources
    • FIDO Developer Challenge 2022 – India
  • Discover FIDO
    Getting Started Knowledge Base
    • Intro to FIDO
    • Building the Business Case
    • Buying, Building & Partnering
    • Implementation & Deployment
    Adoption
    • FIDO Case Studies
    • Market Solutions
    • Government & Public Policy
    • PSD2 Compliance
    • Deployment Showcase
    • FIDO Government Deployments and Recognitions
    • Enterprise Journey Map
    Resources
    Showcase
    Research
    Videos
    White Papers
    Presentations
    FAQ
  • FIDO® Certified
    FIDO Certification Programs
    • FIDO Certified Professional Program
    • Functional Certification
    • Authenticator Certification
    • Biometric Component Certification
    • Document Authenticity (Doc Auth)
    • Certification Maintenance and Updates
    Get Certified
    • Certification Overview
    • Certification Registration
    • Certification Fees
    • Secretariat
    • TMLA
    Certified Products
    • FIDO® Certified Products
    • FIDO Certified Showcase
  • News & Events
    Latest Updates
    • FIDO News Center
    • Events Calendar
    • FIDO in the News
    • Press Center
  • What is FIDO?
  • Specifications
  • FAQ’s
  • Knowledge Base
  • Join
Language
  • 日本語
  • 한국어
  • 简体中文
  • English
search
  • Certified Authenticator Levels
    • Certified Authenticator Levels
    • Authenticator Level 1
    • Authenticator Level 1+
    • Authenticator Level 2
    • Authenticator Level 3
    • Authenticator Level 3+
    • Companion Programs
    • FIDO Accredited Security Laboratories
    • Implementer Dashboard >
    1. Home 
    2. Certification Overview 
    3. Certified Authenticator Levels

    Certified Authenticator Levels

    The Authenticator Certification Levels introduce Authenticator Security Requirements to the FIDO Certification Program. Authenticators must be certified to at least Authenticator Certification Level 1 (L1) for UAF, U2F, and FIDO2 certification.

    The Levels build on each other, so L2 includes all the requirements for L1, plus additional requirements for L2.

    Currently, the supported Certification Levels are:

    • Level 1
    • Level 1+
    • Level 2
    • Level 3
    • Level 3+

    This page contains the Policy and Requirements Documents and the Authenticator Certification Process.

    Policy and Requirements Documents

    The documents for Authenticator Certification include:

    FIDO Authenticator Privacy Policy

    This policy governs the Authenticator Certification Levels as part of the FIDO Certification Program and more generally all FIDO technical specifications.

    Download: PDF

    The FIDO Authenticator Certification Level L1+ – UAF/U2F/FIDO2 Vendor Questionnaire

    Download: Excel

    FIDO Authenticator Certification Policy 

    This policy governs the Authenticator Certification Levels as part of the FIDO Certification Program.

    Download: PDF

    FIDO Authenticator Security and Privacy Requirements 

    This document outlines the Authenticator Security and Privacy Requirements for the Authenticator Certification Levels. Example: Implementations seeking L1 Certification must meet the requirements labeled “L1 and higher”, Implementations seeking L2 Certification must meet the requirements labeled “L1 and higher” and “L2 and higher”, and so forth depending on Certification level seeking. This document also includes the Vendor Questionnaire (for Levels L1 and L2), the Mapping Table (for Levels L3 and L3+) and the Test Procedure instructions for each requirement.

    Download v1.5 (ACTIVE): HTML | PDF
    Download v1.4.1 (Sunset): HTML | PDF
    Download v1.3 (Sunset): HTML | PDF

    FIDO Authenticator Vendor NDA Non-disclosure Agreement to be signed by the Authenticator Vendors (Implementers) completing Authenticator Certification.

    Download: PDF

    Vendor Questionnaire Worksheets  Non-normative  worksheets of the Vendor Questionnaires are available to assist Authenticator Vendors (Implementers) completing Authenticator Certification at L1 or L2.

    Download: Level 1 | Level 1+ | Level 2 | Sample Vendor Questionnaire. This sample should be used as a reference only. It is being provided as a guide for completing the Vendor Questionnaire and to help make the evaluation process more efficient and effective.

    FIDO Mapping Table Non-normative worksheets are available to assist Authenticator Vendors (implementers) completing Authenticator Certification at L3 or L3+, depending on the selected Companion Program.

    Download: Level 3/3+

    FIDO Impact Analysis Report (FIAR) This document defines the FIDO Impact Analysis Report (FIAR) template listing the scope and the structure of the expected contents. It describes the requirements for when changes are made to the authenticator and helps determine whether the authenticator is eligible for Derivative or Delta certification. This report must be completed by Authenticator Vendors (Implementers) and submitted to the FIDO Security Secretariat.

    Download: FIDO Impact Analysis Report (FIAR)

    FIDO Allowed Cryptography List This document defines Allowed Cryptography referenced in the Authenticator Security and Privacy Requirements.

    Download: HTML | PDF

    FIDO Allowed Restricted Operating Environments List This document defines the Allowed Restricted Operating Environments referenced in the Authenticator Security and Privacy Requirements.

    Download: HTML | PDF

    FIDO Authenticator Metadata Requirements This document defines the Authenticator Metadata Requirements referenced in the Authenticator Security and Privacy Requirements.

    Download: HTML | PDF

    Authenticator Certification Process

    The Authenticator Certification follows the Functional Certification process, and the Authenticator Certification process adds the evaluation of a completed Vendor Questionnaire at L1 or L2, or a completed Mapping Table at L3 or L3+. The Vendor Questionnaire is how a vendors documents their implementation  meets the Authenticator Security Requirements.

    If you already have a certified authenticator and made modifications, or are trying to obtain a Derivative certification, please refer to our Certification Maintenance and Updates page for the correct process to follow. Otherwise, please follow the steps below for Authenticator Certification.

    High-Level Process Steps

    1. Preparation
    2. Functional Certification Requirements
    3. Authenticator Certification Application (for all Authenticators)
    4. Security Evaluation
      • Vendor Questionnaire
      • Security Secretariat (L1) or Accredited Security Laboratory (L2, L3, or L3+) Security Evaluation & FIDO Evaluation Report
    5. Report Review
    6. Certification Issuance
    7. (Optional) Trademark Usage
    8. (Optional) Metadata Submission to FIDO MDS

    Preparation

    Implementations seeking FIDO Certification must fulfill the requirements specified in the documents above.

    All Authenticator Vendors seeking Authenticator Certification must create an account for FIDO Certification, you can request an account, or login.

    For Level 2 and higher, it is recommended that the Vendor contact a FIDO Accredited Security Laboratory early to work out contract and NDA details so the Vendor and the Lab are ready for the Security Evaluation process, and so the Accredited Security Laboratory can be listed as part of the Authenticator Certification Application step.

    Functional Certification Requirements

    Vendors must complete FIDO Functional Certification requirements for Authenticators, including the Conformance Self-Validation and Interoperability Testing, prior to submitting an application for FIDO Authenticator Certification.

    For L1, this includes the L1 Interoperability Requirements which  must be verified during Interoperability Testing.

    Authenticator Certification Application

    To begin FIDO Authenticator Certification, the Vendor completes the Authenticator Certification Application (through the Implementer Dashboard).

    The Certification Secretariat is responsible for reviewing and approving the Authenticator Certification Application and, if approved as complete, returning it to the Vendor.

    The Authenticator Certification Application must be approved before the Security Evaluation step can begin.

    Security Evaluation

    The Security Evaluation step includes the Vendor’s attestation of how the implementation meets the Security Requirements, and the Security Evaluation performed by the FIDO Security Secretariat or a FIDO Accredited Security Laboratory.  The Vendor Questionnaire is reviewed  at levels L1 and L2, or the Mapping Table at levels L3 or L3+, and completes the Test Procedures.

    For L1, The Vendor Questionnaire is completed in two steps:

    1. L1 Interoperability Requirements are verified during an Interoperability Event for a subset of the L1 Security Requirements. (This must be completed prior to the Authenticator Certification Application).
    2. The Vendor completes the L1 Vendor Questionnaire by providing a rationale for the remainder of the requirements not verified at the Interoperability Event.

    Once the Vendor Questionnaire is complete, it is submitted to the Security Secretariat. The Security Evaluationis performed by the Security Secretariat who reviews  the completed Vendor Questionnaire and performs the Security Test Procedures. The Security Secretariat will prepare the FIDO Evaluation Report.

    For L2, the Authenticator Vendor (Implementer) chooses a FIDO Accredited Security Laboratory to perform the Security Evaluation. The Authenticator Vendor (Implementer) submits  the L2 Vendor Questionnaire to the FIDO Accredited Security Laboratory and an Approved Evaluator performs the Security Test Procedures. The Approved Evaluator submits  a FIDO Evaluation Report to the Security Secretariat.

    For L3 and L3+, the Authenticator Vendor (Implementer) chooses  a FIDO Accredited Security Laboratory to perform Security Evaluation. The Authenticator Vendor (Implementer) submits the Mapping Table to the FIDO Accredited Security Laboratory and an Approved Evaluator performs the Security Test Procedures. The Approved Evaluator submits a FIDO Evaluation Report to the Security Secretariat.

    Report Review

    Once complete, the Authenticator Vendor (Implementer) reviews the FIDO Evaluation Report prepared by the FIDO Security Secretariat or Accredited Security Laboratory and submits to the Security Secretariat (through the Implementer Dashboard).

    For L1, the approved Vendor Questionnaire and FIDO Evaluation Report must be submitted to the Security Secretariat.

    For L2 and higher, only the FIDO Evaluation Report must be submitted to the Security Secretariat.

    The FIDO Evaluation Report must be approved by the Security Secretariat before the Authenticator Vendor (Implementer) can complete the Certification Request.

    Certification Issuance

    As part of submitting the required documents to FIDO, the Authenticator Vendor (Implementer) will also submit the Certification Request. The Certification Request is evaluated by the Certification Secretariat to ensure all requirements are met.

    The Authenticator Vendor (Implementer) must pay the Authenticator Certification Fees before a Certificate is issued.

    Trademark Usage (Optional)

    After executing the Trademark License Agreement (TMLA), Authenticator Vendors (Implementers) may use the FIDO® Certified mark and logo on their product, packaging, and marketing literature.

    Metadata Submission to MDS (Optional)

    The Authenticator Vendor (Implementer) has the option to submit Metadata to the FIDO Metadata Service (MDS).

    Implementer Dashboard

    Authenticator Vendors (Implementers) can Login to view their Dashboard.

    FIDO Alliance
    • What is FIDO?
    • How FIDO Works
    • FIDO2
    • Alliance Overview
    • Terms of Use
    • User Authentication Specifications Overview
    • Certification Overview
    • Knowledge Base
    • Press Center
    • Privacy Policy

    Join the Community

    Get the Latest Updates Participate in FIDO-Dev Forum

    Categories

    • Announcements
    • Building the Business Case
    • Buying, Building & Partnering
    • FIDO in the News
    • Implementation & Deployment
    • Intro to FIDO
    • Market Research
    • Perspectives
    • Uncategorized
    Certification Overview
    • Functional Certification
      • Implementer Dashboard
      • Biometric Dashboard
      • Protected: FIDO Certified v2
      • Conformance Self‐Validation Testing
      • FIDO Certification Registration & Fees
      • Protected: Vendor ID Page
        • Vendor ID
        • Vendor ID
      • Reference Implementation Library
      • Lab Dashboard
      • On Demand Registration Calendar
      • In-Person Testing Request
      • Certification Account Request
      • Reference Implementation Donation Form
      • Password Recovery
      • Lab Accreditation Request
      • Vendor IDs
        • Vendor ID Request
    • Certification Maintenance and Updates
      • Derivative Certification
    • Secretariat
      • FIDO Certification Request Agreement
        • FIDO Certification Request
    • FIDO® Certified
    • Certified Authenticator Levels
      • Authenticator Certification Scenarios
      • Authenticator Level 3
      • Authenticator Level 3+
      • FIDO Accredited Security Laboratories
      • Authenticator Level 1+
      • Authenticator Level 1
      • Authenticator Level 2
      • Companion Programs
    • Getting Started
    • Certification Mark Usage
    • Interoperability Testing
      • Interop Registration
    • Biometric Component Certification
      • FIDO Accredited Biometric Laboratories
    • Certification Fees

    Document Authenticity (DocAuth) Certification Program for Remote Identity Verification

    • Introduction
    • Certification Process Overview
    • Certification Fees
    • Accredited Labs
    • Get Certified
    • Resource Documentation
    Sign up for updates!Get news from FIDO Alliance in your inbox.

    By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.

    First Name
    Last Name
    Email
    Country
    Company
    Job Title
    • 日本語
    • 한국어
    • 简体中文
    • English