FIDO 정부 배포 및 인증

전 세계 정부가 FIDO를 인정하고 배포하고 있습니다! 아래 국가/지역을 클릭하면 정부 기관이 정부 프로그램에서 직원 및/또는 시민이 사용할 수 있도록 FIDO 인증 솔루션을 배포한 방법에 대한 정보가 제공됩니다(이러한 항목은 “배포”로 표시됨). 이 페이지에는 온라인 인증과 관련된 정책 문서 및/또는 규정에 FIDO 표준을 인정하고 참조를 포함시킨 정부 기관도 포함되어 있습니다(이러한 항목은 “인정”으로 표시됨). 이 페이지는 새로운 배포 및 인식이 출시됨에 따라 업데이트될 예정이므로 자주 확인해 주세요.

FIDO 배포 및 인식에 대한 자세한 내용이 포함된 다운로드 버전은 여기를 클릭하여 여기 .

United Kingdom
Users:
Employees
Type:
Recognitions

FIDO Technology: FIDO2
Agency:

National Health Service

Program:

NHS Identity Authentication Service

Description:

NHS Identity currently authenticates against around 1 million care worker identities in its repository; registered and checked to a high level of confidence several new methods of verifying the subject, such as one time passwords, push notifications, knowledge based secrets, biometric touch id, Windows Hello, cryptographic certificates, FIDO2 supported devices and OIDC Smartcards


Users:
Citizens
Type:
Recognitions
Agency:

Cabinet Office, Government Digital Service

Program:

GPG 44 – Using authenticators to protect an online service

Description:

The U.K.’s Government Digital Service published updated guidance, Using authenticators to protect an online service (GPG 44). Following NIST, the term ‘credential’ has been replaced with “authenticator”. Transaction monitoring is noted and “High Quality Authenticators” is defined if it has been independently tested to prove it meets industry standards, such as the Common Criteria guidelines, FIDO or FIPS 140-2.


Users:
Citizens
Type:
Deployments

FIDO Technology: U2F
Agency:

Cabinet Office, Government Digital Service

Program:

GOV.UK (https://www.gov.uk/) Verify

Description:

GOV.UK (https://www.gov.uk/) Verify uses a host of identity providers, including Digidentity which supports U2F, to validate a citizen’s personal data, store that data, and verify the user is who they say they are when they attempt to access government digital services.


Users:
Citizens
Type:
Deployments

FIDO Technology: UAF
Agency:

National Health Service

Program:

NHS mobile app

Description:

NHS App aims to allow the public to fulfil their healthcare needs at the touch of a button. However, a security-conscious, multi-factor authentication login process proved a major ‘speed bump’ for users. The NHS App team worked closely with NHS login, the identity verification system that enables patients to access their digital records and services, to look review potential solutions of providing password-less login for users. They wanted to go with biometric and selected FIDO UAF. They have about 1.5 million users.


Users:
Citizens
Type:
Recognitions
Agency:

Department of Digital, Culture, Media and Sport (DCMS)

Program:

UK digital identity and attributes trust framework alpha

Description:

DCMS is responsible for digital identity policy and strategy for the UK economy. In February 2021, DCMS published the UK digital identity and attributes trust framework alpha for organizations that want to provide or consume digital identity and attribute products and services.


United Kingdom
United States

MiLogin

Users:
Citizens
Type:
Deployments

FIDO Technology: FIDO2
Agency:

The State of Michigan’s Department of Technology, Management & Budget (DTMB)

Program:

MiLogin

Description:

The State of Michigan’s Department of Technology, Management & Budget (DTMB) relies on passkeys to streamline citizens’ login experience and provide stronger security to protect against security threats and phishing incidents. The DTMB found that passkeys provide the following advantages:


Users:
Citizens
Type:
Deployments

FIDO Technology: U2F, FIDO2
Agency:

General Services Administration

Program:

Login.gov

Description:

US system for single sign-on across different agency applications. Use of FIDO is one option.


Users:
Employees
Type:
Recognitions

FIDO Technology: U2F, FIDO2
Agency:

National Cybersecurity Center of Excellence

Program:

Mobile Single Sign-On for Public Safety/First Responders

Description:

NIST Cybersecurity Practice Guide demonstrates how commercially available technologies, standards, and best practices implementing SSO, identity federation, and MFA can meet the needs of public safety first responder communities when accessing services from mobile devices.


Users:
Employees Citizens
Type:
Recognitions
Agency:

NIST

Program:

Digital Identity Guidelines: Implementation Resources for SP 800-63-3

Description:

July 2020 publication highlights use of FIDO in meeting AAL2 requirements for single factor cryptographic


Users:
Employees
Type:
Recognitions

FIDO Technology: UAF, U2F
Agency:

Office of Management & Budget

Program:

Implementation of OMB memo M-19-17 – FICAM Policy

Description:

Update policy includes: Innovate capabilities and update Federal Public Key Infrastructure (PKI)27 to provide government with a trust framework and infrastructure to administer digital certificates and other authentication solutions, such as those based on public key cryptography. This includes updating the PKI shared service provider approach to enable strong government oversight of service providers, including procurement and cost controls through GSA acquisition solutions as applicable


Users:
Employees
Type:
Recognitions
Agency:

Drug Enforcement Administration

Program:

Electronic Prescribing of Controlled Substances

Description:

April 2020 Request for Information included questions about FIDO U2F.


Users:
Employees Citizens
Type:
Recognitions
Agency:

NIST

Program:

President’s Executive Order (EO) on Improving the Nation’s Cybersecurity

Description:

NIST’s new guide on “Security Measures for EO-Critical Software Use” focuses on companies that are supplying software to the government.


Users:
Employees Citizens
Type:
Recognitions
Agency:

CISA (Cybersecurity & Infrastructure Security Agency)

Program:

Multi-Factor Authentication Guidance

Description:

Updated MFA guidance flagged FIDO as the “gold standard” of MFA and provided a great description of FIDO, as well as a direct link to the FIDO Alliance website for more information.


Users:
Employees Citizens
Type:
Recognitions

FIDO Technology: FIDO2
Agency:

Office of Management & Budget

Program:

Federal Zero Trust Strategy

Description:

Requires phishing-resistant AuthN in enterprise apps, and that it must be an option in public facing apps. Calls out FIDO2 and WebAuthn as the preferred approach.


United States

이 웹페이지에 대한 질문이 있으신가요? 이메일 info@fidoalliance.org