政府配備

このページでは、 FIDO 認定 ソリューションを展開している政府機関、またはオンライン認証に関するポリシー文書や規制にFIDO標準への参照を認めて含めている政府機関をリストアップしています。

FIDOの導入と認証の詳細を含むダウンロード可能なバージョンは、ここをクリックして入手できます。 こちら .

展開

世界中の政府機関がFIDOを認識し、導入しています。国または地域を選択すると、政府機関が政府プログラムで従業員や市民が使用するために FIDO 認定 ソリューションをどのように展開したかに関する情報が表示されます(これらのエントリは 展開として示されます)。

認識

オンライン認証に関するポリシー文書や規制にFIDO標準への言及を認め、含めている政府機関(これらのエントリは 認識と呼ばれます)。 このページは、新しい配備や表彰が行われるたびに更新されますので、頻繁にチェックしてください。

政府機関は、パスキーのサポートを実装しています。パスキーの動作を確認するには、パスキーのライブ実装を参照してください。組織でパスキーを実装する方法については、パスキー Central を参照してください。

このウェブページに関する質問 電子メールinfo@fidoalliance.org

United Kingdom
Users:
Employees
Type:
Recognitions

FIDO Technology: FIDO2
Agency:

National Health Service

Program:

NHS Identity Authentication Service

Description:

NHS Identity currently authenticates against around 1 million care worker identities in its repository; registered and checked to a high level of confidence several new methods of verifying the subject, such as one time passwords, push notifications, knowledge based secrets, biometric touch id, Windows Hello, cryptographic certificates, FIDO2 supported devices and OIDC Smartcards


Users:
Citizens
Type:
Recognitions
Agency:

Cabinet Office, Government Digital Service

Program:

GPG 44 – Using authenticators to protect an online service

Description:

The U.K.’s Government Digital Service published updated guidance, Using authenticators to protect an online service (GPG 44). Following NIST, the term ‘credential’ has been replaced with “authenticator”. Transaction monitoring is noted and “High Quality Authenticators” is defined if it has been independently tested to prove it meets industry standards, such as the Common Criteria guidelines, FIDO or FIPS 140-2.


Users:
Citizens
Type:
Deployments

FIDO Technology: U2F
Agency:

Cabinet Office, Government Digital Service

Program:

GOV.UK (https://www.gov.uk/) Verify

Description:

GOV.UK (https://www.gov.uk/) Verify uses a host of identity providers, including Digidentity which supports U2F, to validate a citizen’s personal data, store that data, and verify the user is who they say they are when they attempt to access government digital services.


Users:
Citizens
Type:
Deployments

FIDO Technology: UAF
Agency:

National Health Service

Program:

NHS mobile app

Description:

NHS App aims to allow the public to fulfil their healthcare needs at the touch of a button. However, a security-conscious, multi-factor authentication login process proved a major ‘speed bump’ for users. The NHS App team worked closely with NHS login, the identity verification system that enables patients to access their digital records and services, to look review potential solutions of providing password-less login for users. They wanted to go with biometric and selected FIDO UAF. They have about 1.5 million users.


Users:
Citizens
Type:
Recognitions
Agency:

Department of Digital, Culture, Media and Sport (DCMS)

Program:

UK digital identity and attributes trust framework alpha

Description:

DCMS is responsible for digital identity policy and strategy for the UK economy. In February 2021, DCMS published the UK digital identity and attributes trust framework alpha for organizations that want to provide or consume digital identity and attribute products and services.


United Kingdom
United States

MiLogin

Users:
Citizens
Type:
Deployments

FIDO Technology: FIDO2
Agency:

The State of Michigan’s Department of Technology, Management & Budget (DTMB)

Program:

MiLogin

Description:

The State of Michigan’s Department of Technology, Management & Budget (DTMB) relies on passkeys to streamline citizens’ login experience and provide stronger security to protect against security threats and phishing incidents. The DTMB found that passkeys provide the following advantages:


Users:
Citizens
Type:
Deployments

FIDO Technology: U2F, FIDO2
Agency:

General Services Administration

Program:

Login.gov

Description:

US system for single sign-on across different agency applications. Use of FIDO is one option.


Users:
Employees
Type:
Recognitions

FIDO Technology: U2F, FIDO2
Agency:

National Cybersecurity Center of Excellence

Program:

Mobile Single Sign-On for Public Safety/First Responders

Description:

NIST Cybersecurity Practice Guide demonstrates how commercially available technologies, standards, and best practices implementing SSO, identity federation, and MFA can meet the needs of public safety first responder communities when accessing services from mobile devices.


Users:
Employees Citizens
Type:
Recognitions
Agency:

NIST

Program:

Digital Identity Guidelines: Implementation Resources for SP 800-63-3

Description:

July 2020 publication highlights use of FIDO in meeting AAL2 requirements for single factor cryptographic


Users:
Employees
Type:
Recognitions

FIDO Technology: UAF, U2F
Agency:

Office of Management & Budget

Program:

Implementation of OMB memo M-19-17 – FICAM Policy

Description:

Update policy includes: Innovate capabilities and update Federal Public Key Infrastructure (PKI)27 to provide government with a trust framework and infrastructure to administer digital certificates and other authentication solutions, such as those based on public key cryptography. This includes updating the PKI shared service provider approach to enable strong government oversight of service providers, including procurement and cost controls through GSA acquisition solutions as applicable


Users:
Employees
Type:
Recognitions
Agency:

Drug Enforcement Administration

Program:

Electronic Prescribing of Controlled Substances

Description:

April 2020 Request for Information included questions about FIDO U2F.


Users:
Employees Citizens
Type:
Recognitions
Agency:

NIST

Program:

President’s Executive Order (EO) on Improving the Nation’s Cybersecurity

Description:

NIST’s new guide on “Security Measures for EO-Critical Software Use” focuses on companies that are supplying software to the government.


Users:
Employees Citizens
Type:
Recognitions
Agency:

CISA (Cybersecurity & Infrastructure Security Agency)

Program:

Multi-Factor Authentication Guidance

Description:

Updated MFA guidance flagged FIDO as the “gold standard” of MFA and provided a great description of FIDO, as well as a direct link to the FIDO Alliance website for more information.


Users:
Employees Citizens
Type:
Recognitions

FIDO Technology: FIDO2
Agency:

Office of Management & Budget

Program:

Federal Zero Trust Strategy

Description:

Requires phishing-resistant AuthN in enterprise apps, and that it must be an option in public facing apps. Calls out FIDO2 and WebAuthn as the preferred approach.


United States