LANGUAGE
  • 日本語
  • 한국어
  • 简体中文
  • English
  • 如何加入 FIDO 联盟
FIDO Alliance
  • The Alliance
    About FIDO Alliance
    • 关于 FIDO 联盟
    • 在线快速身份认证(FIDO)发展历程
    • 联系方式
    Our Membership
    • 工作组
    • FIDO Members
    • Liaison Partners
    • Committees and Study Groups
    Join FIDO Alliance
    • 会员权益和会费级别
    • 如何加入 FIDO 联盟
    Newsletter Sign-Up
    FIDO Explained
  • Standards & Technology
    Work Areas
    • FIDO Authentication
    • Identity Verification & Binding
    • Internet of Things
    FIDO Authentication
    • FIDO 的工作原理
    • FIDO2: WebAuthn & CTAP
    • Metadata Service
    Specifications
    • Specifications Overview
    • Download Specifications
    Developers
    • Getting Started
    • Developer Resources
  • Discover FIDO
    Getting Started Knowledge Base
    • Intro to FIDO
    • Building the Business Case
    • Buying, Building & Partnering
    • Implementation & Deployment
    Adoption
    • FIDO Case Studies
    • Case Studies
    • FIDO 联盟政府和政策计划
    • Market Solutions
    • Government & Public Policy
    • PSD2 Compliance
    • Commercial Deployments
    Resources
    Showcase
    Research
    Videos
    White Papers
    Presentations
    FAQ
  • FIDO® Certified
    FIDO Certification Programs
    • FIDO Certified Professional Program
    • Functional Certification
    • Authenticator Certification
    Get Certified
    • 认证提交
    Certified Products
    • FIDO® Certified Products
    • FIDO Certified Showcase
  • News & Events
    Latest Updates
    • Events Calendar
    • FIDO in the News
    • Press Center
    • FIDO Blog
  • 如何加入 FIDO 联盟
Language
  • 日本語
  • 한국어
  • 简体中文
  • English
search
  • Adoption - Chinese (Simplified)
    • FIDO Case Studies
    • Case Studies
    • FIDO 联盟政府和政策计划
    • Market Solutions
    • Government & Public Policy
    • PSD2 Compliance
    • Commercial Deployments
    1. Home 
    2. FIDO Government Deployments and Recognitions

    FIDO Government Deployments and Recognitions

    Governments around the world are recognizing and deploying FIDO! Clicking on the countries / regions below provides information on how government agencies have deployed FIDO certified solutions for use by employees and/or citizens in government programs (these entries are noted as “deployments”). This page also includes government agencies that have recognized and included references to FIDO standards in policy documents and/or regulations pertaining to online authentication (these entries are noted as “recognitions”). Please check back frequently as this page will be updated as new deployments and recognitions roll out.

    A downloadable version that includes more details of FIDO deployments and recognitions, is available by clicking here.

    Australia
    Users:
    Employees Citizens
    Type:
    Recognitions

    FIDO Technology: U2F
    Agency:

    Australian Signals Directorate (ASD)

    Program:

    ASD “Essential Eight”

    Description:

    MFA is one of 8 critical controls recommended. MFA section list “U2F Security Keys” as one recommended technology and directs implementers to use FIDO-certified keys – and links to the FIDO certification site.

    Australia

    Australia

    Users:
    Employees Citizens
    Type:
    Recognitions

    FIDO Technology: U2F
    Agency:

    Australian Signals Directorate (ASD)

    Program:

    ASD “Essential Eight”

    Description:

    MFA is one of 8 critical controls recommended. MFA section list “U2F Security Keys” as one recommended technology and directs implementers to use FIDO-certified keys – and links to the FIDO certification site.

    Source: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model
    Canada
    Users:
    Employees
    Type:
    Deployments

    FIDO Technology: FIDO2
    Agency:

    Canadian Digital Service

    Program:

    Internal Security

    Description:

    Everyone at CDS has security keys

    Canada

    Canada

    Users:
    Employees
    Type:
    Deployments

    FIDO Technology: FIDO2
    Agency:

    Canadian Digital Service

    Program:

    Internal Security

    Description:

    Everyone at CDS has security keys

    Source: https://digital.canada.ca/2019/08/15/we-take-security-seriously-why-everyone-at-cds-has-security-keys/
    Czech Republic
    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: FIDO2
    Agency:

    CZ.NIC

    Program:

    MojeID

    Description:

    CZ.NIC is the DNS registry in the Czech Republic and they operate the national identity provider (idP) called mojeID with 800,000+ users. In August 2020, the Czech CZ.NIC received accreditation from the Czech Ministry that their IdP mojeID with support for FIDO is approved as eIDAS eID scheme on Level of Assurance (LoA) Substantial for services integrated with Czech eGovernment system. In September 2020, they launched their service in full production.

    In March 2021, the Czech ministry also issued eIDAS accreditation for mojeID’s IdP with eIDAS LoA High, under the following conditions:

    – Username and password are used

    – The FIDO2 authenticator is FIDO certified at Level 2 (or higher)

    – The FIDO2 authenticator is based on a secure element that is certified for FIPS 140-2 Level 3 or Common criteria EAL4 + AVA_VAN5

    – The FIDO2 authenticator must have PIN set and PIN is required for all transactions at LoA High

    Other Sources:

    https://www.nic.cz/page/4180/cznic-received-accreditation-to-manage-a-qualified-electronic-identification-system-from-the-moi-cr/

    https://www.nic.cz/page/4187/cznic-launches-a-project-to-interconnect-the-mojeid-service-with-nia/





    Czech Republic

    Czech Republic

    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: FIDO2
    Agency:

    CZ.NIC

    Program:

    MojeID

    Description:

    CZ.NIC is the DNS registry in the Czech Republic and they operate the national identity provider (idP) called mojeID with 800,000+ users. In August 2020, the Czech CZ.NIC received accreditation from the Czech Ministry that their IdP mojeID with support for FIDO is approved as eIDAS eID scheme on Level of Assurance (LoA) Substantial for services integrated with Czech eGovernment system. In September 2020, they launched their service in full production.

    In March 2021, the Czech ministry also issued eIDAS accreditation for mojeID’s IdP with eIDAS LoA High, under the following conditions:

    – Username and password are used

    – The FIDO2 authenticator is FIDO certified at Level 2 (or higher)

    – The FIDO2 authenticator is based on a secure element that is certified for FIPS 140-2 Level 3 or Common criteria EAL4 + AVA_VAN5

    – The FIDO2 authenticator must have PIN set and PIN is required for all transactions at LoA High

    Other Sources:

    https://www.nic.cz/page/4180/cznic-received-accreditation-to-manage-a-qualified-electronic-identification-system-from-the-moi-cr/

    https://www.nic.cz/page/4187/cznic-launches-a-project-to-interconnect-the-mojeid-service-with-nia/

    Source: https://www.mojeid.cz/en/




    France
    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    ANSSI (Agence nationale de la sécurité des systèmes d’information)

    Program:

    Guide to a Zero Trust model (LE MODÈLE ZERO TRUST)

    Description:

    ANSSI’s guide to a Zero Trust model mentions use of FIDO. Among the elements they recommend be integrated are: a use of means of authentication to the state of the art, since two-factor authentication is generally a prerequisite for the implementation of the model Zero Trust, it is recommended to be careful in choosing factors authentication and favor, for example, certificates generated by a trusted key management infrastructure (PKI) or FIDO tokens.


    Users:
    Employees Citizens
    Type:
    Recognitions

    FIDO Technology: FIDO2, U2F
    Agency:

    ANSSI (Agence nationale de la sécurité des systèmes d’information)

    Program:

    Recommendations Relating to Multifactor Authentication and Passwords (Recommandations Relatives À L’Authentification Multifacteur Et Aux Mots De Passe)

    Description:

    Replaces guidance from 2012, intended to be used as a baseline/input to any security risk analysis addressing authentication. FIDO is mentioned multiple times in the document.


    France

    France

    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    ANSSI (Agence nationale de la sécurité des systèmes d’information)

    Program:

    Guide to a Zero Trust model (LE MODÈLE ZERO TRUST)

    Description:

    ANSSI’s guide to a Zero Trust model mentions use of FIDO. Among the elements they recommend be integrated are: a use of means of authentication to the state of the art, since two-factor authentication is generally a prerequisite for the implementation of the model Zero Trust, it is recommended to be careful in choosing factors authentication and favor, for example, certificates generated by a trusted key management infrastructure (PKI) or FIDO tokens.

    Source: https://www.ssi.gouv.fr/agence/publication/le-modele-zero-trust/

    Users:
    Employees Citizens
    Type:
    Recognitions

    FIDO Technology: FIDO2, U2F
    Agency:

    ANSSI (Agence nationale de la sécurité des systèmes d’information)

    Program:

    Recommendations Relating to Multifactor Authentication and Passwords (Recommandations Relatives À L’Authentification Multifacteur Et Aux Mots De Passe)

    Description:

    Replaces guidance from 2012, intended to be used as a baseline/input to any security risk analysis addressing authentication. FIDO is mentioned multiple times in the document.

    Source: https://www.ssi.gouv.fr//guide/recommandations-relatives-a-lauthentification-multifacteur-et-aux-mots-de-passe/

    Hong Kong
    Users:
    Employees
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    Securities and Futures Commission

    Hong Kong

    Hong Kong

    Users:
    Employees
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    Securities and Futures Commission

    Malaysia
    Users:
    Employees Citizens
    Type:
    Deployments

    FIDO Technology: UAF/FIDO2
    Agency:

    Government Agency

    Description:

    e-government services (authentication and transaction signing) for the national cyber security services and management. Involves government, city council and selected industry such as bank, telco, transport and etc.

    Malaysia

    Malaysia

    Users:
    Employees Citizens
    Type:
    Deployments

    FIDO Technology: UAF/FIDO2
    Agency:

    Government Agency

    Description:

    e-government services (authentication and transaction signing) for the national cyber security services and management. Involves government, city council and selected industry such as bank, telco, transport and etc.

    Norway
    Type:
    Deployments
    Agency:

    Norwegian healthcare sector

    Description:

    Targeting the pharmacies, and it is mainly built on Windows technology. The FIDO authenticator is used by the pharmacist to login to her account at the Windows workstation, which gives access to the proper applications and systems. This system is in production at one pharmacy group.


    Type:
    Recognitions
    Agency:

    HelseNorge

    Description:

    Providing mobile authentication solutions for the medical staff. In this case, FIDO is used as authentication solution using Android and Apple iOS smartphone apps. This will be tested and evaluated in a proof of concept during the rest of 2020.


    Norway

    Norway

    Type:
    Deployments
    Agency:

    Norwegian healthcare sector

    Description:

    Targeting the pharmacies, and it is mainly built on Windows technology. The FIDO authenticator is used by the pharmacist to login to her account at the Windows workstation, which gives access to the proper applications and systems. This system is in production at one pharmacy group.


    Type:
    Recognitions
    Agency:

    HelseNorge

    Description:

    Providing mobile authentication solutions for the medical staff. In this case, FIDO is used as authentication solution using Android and Apple iOS smartphone apps. This will be tested and evaluated in a proof of concept during the rest of 2020.


    South Korea
    Users:
    Citizens
    Type:
    Deployments
    Agency:

    Tax Service


    Users:
    Employees
    Type:
    Recognitions
    Agency:

    Korea National Intelligence Service

    Program:

    Security Requirements for Government Agencies

    Description:

    Korea National Intelligence Service (KNIS) published its third version of Security Requirements for Government Agencies, which recommends FIDO Authentication as a strong cryptographic second factor option for end-user security.


    Users:
    Citizens
    Type:
    Recognitions

    FIDO Technology: UAF
    Agency:

    Korea Internet Security Agency (KISA)

    Program:

    K-FIDO Specification

    Description:

    KISA developed what is known as the K-FIDO specification that combines the FIDO Universal Authentication Framework (UAF) specification and Public Key Infrastructure (PKI) to enable authentication and ID verification at the same time for successful commercial fintech deployments.


    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    Ministry of Interior and Safety (MOIS)

    Program:

    Government 24

    Description:

    Government 24 is the official portal of the Korean government, providing e-government services to citizens. The portal was developed and is operated by the Ministry of Interior and Safety (MOIS). Support for the FIDO UAF specification was added when it launched in 2019.


    South Korea

    South Korea

    Users:
    Citizens
    Type:
    Deployments
    Agency:

    Tax Service


    Users:
    Employees
    Type:
    Recognitions
    Agency:

    Korea National Intelligence Service

    Program:

    Security Requirements for Government Agencies

    Description:

    Korea National Intelligence Service (KNIS) published its third version of Security Requirements for Government Agencies, which recommends FIDO Authentication as a strong cryptographic second factor option for end-user security.

    Source: https://www.nis.go.kr:4016/AF/1_7_2_4/view.do?seq=98&currentPage=1&selectBox=&searchKeyword=&fromDate=&toDate=

    Users:
    Citizens
    Type:
    Recognitions

    FIDO Technology: UAF
    Agency:

    Korea Internet Security Agency (KISA)

    Program:

    K-FIDO Specification

    Description:

    KISA developed what is known as the K-FIDO specification that combines the FIDO Universal Authentication Framework (UAF) specification and Public Key Infrastructure (PKI) to enable authentication and ID verification at the same time for successful commercial fintech deployments.

    Source: https://fidoalliance.org/white-paper-korean-fido-deployment-case-study-accredited-certification-system-for-safe-usage-of-accredited-certificate-using-fido-in-smartphone-in-korea-k-fido/

    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    Ministry of Interior and Safety (MOIS)

    Program:

    Government 24

    Description:

    Government 24 is the official portal of the Korean government, providing e-government services to citizens. The portal was developed and is operated by the Ministry of Interior and Safety (MOIS). Support for the FIDO UAF specification was added when it launched in 2019.


    Sweden
    Users:
    Citizens
    Type:
    Deployments
    Agency:

    SUNET (Swedeish University Computer Nework)

    Program:

    EduID

    Description:

    Authentication service for university students in Sweden. FIDO is an authentication option, in production.

    Sweden

    Sweden

    Users:
    Citizens
    Type:
    Deployments
    Agency:

    SUNET (Swedeish University Computer Nework)

    Program:

    EduID

    Description:

    Authentication service for university students in Sweden. FIDO is an authentication option, in production.

    Source: https://eduid.se/en/
    Taiwan
    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: UAF, FIDO2
    Agency:

    Ministry of Interior, Ministry of Finance

    Program:

    Taiwan Fido

    Description:

    Taiwan FidO is a mobile authentication service deployed by Ministry of Interior. The citizen can register Taiwan FidO service with personal citizen certificate, and log in to many e-government services using the registered Taiwan FidO account.

    Taiwan

    Taiwan

    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: UAF, FIDO2
    Agency:

    Ministry of Interior, Ministry of Finance

    Program:

    Taiwan Fido

    Description:

    Taiwan FidO is a mobile authentication service deployed by Ministry of Interior. The citizen can register Taiwan FidO service with personal citizen certificate, and log in to many e-government services using the registered Taiwan FidO account.

    Source: https://fido.moi.gov.tw/
    Thailand
    Users:
    Employees Citizens
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    Electronic Transactions Development Agency (ETDA)

    Program:

    “Development and Installation of Registration System on Mobile Devices for Use as Authenticator (TOR released in August 2020)”

    Description:

    ETDA is developing a FIDO UAF system which will provide enterprise or organizations as an reference to deploy their mobile authentication application.

    Thailand

    Thailand

    Users:
    Employees Citizens
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    Electronic Transactions Development Agency (ETDA)

    Program:

    “Development and Installation of Registration System on Mobile Devices for Use as Authenticator (TOR released in August 2020)”

    Description:

    ETDA is developing a FIDO UAF system which will provide enterprise or organizations as an reference to deploy their mobile authentication application.

    United Kingdom
    Users:
    Employees
    Type:
    Recognitions

    FIDO Technology: FIDO2
    Agency:

    National Health Service

    Program:

    NHS Identity Authentication Service

    Description:

    NHS Identity currently authenticates against around 1 million care worker identities in its repository; registered and checked to a high level of confidence several new methods of verifying the subject, such as one time passwords, push notifications, knowledge based secrets, biometric touch id, Windows Hello, cryptographic certificates, FIDO2 supported devices and OIDC Smartcards


    Users:
    Citizens
    Type:
    Recognitions
    Agency:

    Cabinet Office, Government Digital Service

    Program:

    GPG 44 – Using authenticators to protect an online service

    Description:

    The U.K.’s Government Digital Service published updated guidance, Using authenticators to protect an online service (GPG 44). Following NIST, the term ‘credential’ has been replaced with “authenticator”. Transaction monitoring is noted and “High Quality Authenticators” is defined if it has been independently tested to prove it meets industry standards, such as the Common Criteria guidelines, FIDO or FIPS 140-2.


    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: U2F
    Agency:

    Cabinet Office, Government Digital Service

    Program:

    GOV.UK (https://www.gov.uk/) Verify

    Description:

    GOV.UK (https://www.gov.uk/) Verify uses a host of identity providers, including Digidentity which supports U2F, to validate a citizen’s personal data, store that data, and verify the user is who they say they are when they attempt to access government digital services.


    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    National Health Service

    Program:

    NHS mobile app

    Description:

    NHS App aims to allow the public to fulfil their healthcare needs at the touch of a button. However, a security-conscious, multi-factor authentication login process proved a major ‘speed bump’ for users. The NHS App team worked closely with NHS login, the identity verification system that enables patients to access their digital records and services, to look review potential solutions of providing password-less login for users. They wanted to go with biometric and selected FIDO UAF. They have about 1.5 million users.


    Users:
    Citizens
    Type:
    Recognitions
    Agency:

    Department of Digital, Culture, Media and Sport (DCMS)

    Program:

    UK digital identity and attributes trust framework alpha

    Description:

    DCMS is responsible for digital identity policy and strategy for the UK economy. In February 2021, DCMS published the UK digital identity and attributes trust framework alpha for organizations that want to provide or consume digital identity and attribute products and services.


    United Kingdom

    United Kingdom

    Users:
    Employees
    Type:
    Recognitions

    FIDO Technology: FIDO2
    Agency:

    National Health Service

    Program:

    NHS Identity Authentication Service

    Description:

    NHS Identity currently authenticates against around 1 million care worker identities in its repository; registered and checked to a high level of confidence several new methods of verifying the subject, such as one time passwords, push notifications, knowledge based secrets, biometric touch id, Windows Hello, cryptographic certificates, FIDO2 supported devices and OIDC Smartcards

    Source: https://digital.nhs.uk/services/nhs-identity/guidance-for-developers/services-offered-by-nhs-identity/authentication-service

    Users:
    Citizens
    Type:
    Recognitions
    Agency:

    Cabinet Office, Government Digital Service

    Program:

    GPG 44 – Using authenticators to protect an online service

    Description:

    The U.K.’s Government Digital Service published updated guidance, Using authenticators to protect an online service (GPG 44). Following NIST, the term ‘credential’ has been replaced with “authenticator”. Transaction monitoring is noted and “High Quality Authenticators” is defined if it has been independently tested to prove it meets industry standards, such as the Common Criteria guidelines, FIDO or FIPS 140-2.

    Source: https://www.gov.uk/government/publications/authentication-credentials-for-online-government-services/giving-users-access-to-online-services

    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: U2F
    Agency:

    Cabinet Office, Government Digital Service

    Program:

    GOV.UK (https://www.gov.uk/) Verify

    Description:

    GOV.UK (https://www.gov.uk/) Verify uses a host of identity providers, including Digidentity which supports U2F, to validate a citizen’s personal data, store that data, and verify the user is who they say they are when they attempt to access government digital services.

    Source: https://www.computerworld.com/article/3427083/uk-government-boosts-gov-uk-verify-security—u2f-authentication-explained.html

    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: UAF
    Agency:

    National Health Service

    Program:

    NHS mobile app

    Description:

    NHS App aims to allow the public to fulfil their healthcare needs at the touch of a button. However, a security-conscious, multi-factor authentication login process proved a major ‘speed bump’ for users. The NHS App team worked closely with NHS login, the identity verification system that enables patients to access their digital records and services, to look review potential solutions of providing password-less login for users. They wanted to go with biometric and selected FIDO UAF. They have about 1.5 million users.

    Source: https://digital.nhs.uk/services/nhs-identity/guidance-for-developers/services-offered-by-nhs-identity/authentication-service

    Users:
    Citizens
    Type:
    Recognitions
    Agency:

    Department of Digital, Culture, Media and Sport (DCMS)

    Program:

    UK digital identity and attributes trust framework alpha

    Description:

    DCMS is responsible for digital identity policy and strategy for the UK economy. In February 2021, DCMS published the UK digital identity and attributes trust framework alpha for organizations that want to provide or consume digital identity and attribute products and services.

    Source: https://www.gov.uk/government/publications/the-uk-digital-identity-and-attributes-trust-framework/the-uk-digital-identity-and-attributes-trust-framework

    United States
    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: U2F, FIDO2
    Agency:

    General Services Administration

    Program:

    Login.gov

    Description:

    US system for single sign-on across different agency applications. Use of FIDO is one option.


    Users:
    Employees
    Type:
    Recognitions

    FIDO Technology: U2F, FIDO2
    Agency:

    National Cybersecurity Center of Excellence

    Program:

    Mobile Single Sign-On for Public Safety/First Responders

    Description:

    NIST Cybersecurity Practice Guide demonstrates how commercially available technologies, standards, and best practices implementing SSO, identity federation, and MFA can meet the needs of public safety first responder communities when accessing services from mobile devices.


    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    NIST

    Program:

    Digital Identity Guidelines: Implementation Resources for SP 800-63-3

    Description:

    July 2020 publication highlights use of FIDO in meeting AAL2 requirements for single factor cryptographic


    Users:
    Employees
    Type:
    Recognitions

    FIDO Technology: UAF, U2F
    Agency:

    Office of Management & Budget

    Program:

    Implementation of OMB memo M-19-17 – FICAM Policy

    Description:

    Update policy includes: Innovate capabilities and update Federal Public Key Infrastructure (PKI)27 to provide government with a trust framework and infrastructure to administer digital certificates and other authentication solutions, such as those based on public key cryptography. This includes updating the PKI shared service provider approach to enable strong government oversight of service providers, including procurement and cost controls through GSA acquisition solutions as applicable


    Users:
    Employees
    Type:
    Recognitions
    Agency:

    Drug Enforcement Administration

    Program:

    Electronic Prescribing of Controlled Substances

    Description:

    April 2020 Request for Information included questions about FIDO U2F.


    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    NIST

    Program:

    President’s Executive Order (EO) on Improving the Nation’s Cybersecurity

    Description:

    NIST’s new guide on “Security Measures for EO-Critical Software Use” focuses on companies that are supplying software to the government.


    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    CISA (Cybersecurity & Infrastructure Security Agency)

    Program:

    Multi-Factor Authentication Guidance

    Description:

    Updated MFA guidance flagged FIDO as the “gold standard” of MFA and provided a great description of FIDO, as well as a direct link to the FIDO Alliance website for more information.


    Users:
    Employees Citizens
    Type:
    Recognitions

    FIDO Technology: FIDO2
    Agency:

    Office of Management & Budget

    Program:

    Federal Zero Trust Strategy

    Description:

    Requires phishing-resistant AuthN in enterprise apps, and that it must be an option in public facing apps. Calls out FIDO2 and WebAuthn as the preferred approach.


    United States

    United States

    Users:
    Citizens
    Type:
    Deployments

    FIDO Technology: U2F, FIDO2
    Agency:

    General Services Administration

    Program:

    Login.gov

    Description:

    US system for single sign-on across different agency applications. Use of FIDO is one option.

    Source: https://login.gov/help/creating-an-account/security-key/

    Users:
    Employees
    Type:
    Recognitions

    FIDO Technology: U2F, FIDO2
    Agency:

    National Cybersecurity Center of Excellence

    Program:

    Mobile Single Sign-On for Public Safety/First Responders

    Description:

    NIST Cybersecurity Practice Guide demonstrates how commercially available technologies, standards, and best practices implementing SSO, identity federation, and MFA can meet the needs of public safety first responder communities when accessing services from mobile devices.

    Source: https://www.nccoe.nist.gov/projects/use-cases/mobile-sso

    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    NIST

    Program:

    Digital Identity Guidelines: Implementation Resources for SP 800-63-3

    Description:

    July 2020 publication highlights use of FIDO in meeting AAL2 requirements for single factor cryptographic

    Source: https://www.nist.gov/system/files/documents/2020/07/02/SP-800-63-3-Implementation-Resources_07012020.pdf

    Users:
    Employees
    Type:
    Recognitions

    FIDO Technology: UAF, U2F
    Agency:

    Office of Management & Budget

    Program:

    Implementation of OMB memo M-19-17 – FICAM Policy

    Description:

    Update policy includes: Innovate capabilities and update Federal Public Key Infrastructure (PKI)27 to provide government with a trust framework and infrastructure to administer digital certificates and other authentication solutions, such as those based on public key cryptography. This includes updating the PKI shared service provider approach to enable strong government oversight of service providers, including procurement and cost controls through GSA acquisition solutions as applicable

    Source: https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf

    Users:
    Employees
    Type:
    Recognitions
    Agency:

    Drug Enforcement Administration

    Program:

    Electronic Prescribing of Controlled Substances

    Description:

    April 2020 Request for Information included questions about FIDO U2F.


    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    NIST

    Program:

    President’s Executive Order (EO) on Improving the Nation’s Cybersecurity

    Description:

    NIST’s new guide on “Security Measures for EO-Critical Software Use” focuses on companies that are supplying software to the government.

    Source: https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/security-measures-eo-critical-software-use

    Users:
    Employees Citizens
    Type:
    Recognitions
    Agency:

    CISA (Cybersecurity & Infrastructure Security Agency)

    Program:

    Multi-Factor Authentication Guidance

    Description:

    Updated MFA guidance flagged FIDO as the “gold standard” of MFA and provided a great description of FIDO, as well as a direct link to the FIDO Alliance website for more information.

    Source: https://www.cisa.gov/mfa

    Users:
    Employees Citizens
    Type:
    Recognitions

    FIDO Technology: FIDO2
    Agency:

    Office of Management & Budget

    Program:

    Federal Zero Trust Strategy

    Description:

    Requires phishing-resistant AuthN in enterprise apps, and that it must be an option in public facing apps. Calls out FIDO2 and WebAuthn as the preferred approach.

    Source: https://zerotrust.cyber.gov/federal-zero-trust-strategy/#identity

    Questions on this webpage? Email info@fidoalliance.org

    FIDO Alliance
    • FIDO 的工作原理
    • 关于 FIDO 联盟
    • HOW FIDO WORKS
    • Terms of Use
    • Specifications Overview
    • Certification Overview
    • Knowledge Base
    • Privacy Policy
    • Press Center

    Join the Community

    Get the Latest Updates Participate in FIDO-Dev Forum

    Categories

    • Announcements
    • Building the Business Case
    • Buying, Building & Partnering
    • FIDO in the News
    • Implementation & Deployment
    • Intro to FIDO
    • Market Research
    • Perspectives
    • Uncategorized
    FIDO Government Deployments and Recognitions

    Document Authenticity (DocAuth) Certification Program for Remote Identity Verification

    Sign up for updates!Get news from FIDO Alliance in your inbox.

    By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.

    First Name
    Last Name
    Email
    Country
    Company
    Job Title
    • 日本語
    • 한국어
    • 简体中文
    • English