FIDO政府部署与认可

世界各国政府正在认可并部署FIDO。点击下面的国家/地区,可以了解政府机构如何在政府项目中部署经FIDO认证的解决方案,供员工和/或公民使用(这些条目被注明为“部署”)。本页还包括已认可FIDO标准并在与在线身份验证有关的政策文件和/或法规中提及FIDO标准的政府机构(这些条目被注明为“认可”)。请经常回来查看,因为本页面会随着新的部署和认可的推出而更新。

可下载的版本包含更多关于FIDO部署和认可的详细信息,请点击此处

United Kingdom
Users:
Employees
Type:
Recognitions

FIDO Technology: FIDO2
Agency:

National Health Service

Program:

NHS Identity Authentication Service

Description:

NHS Identity currently authenticates against around 1 million care worker identities in its repository; registered and checked to a high level of confidence several new methods of verifying the subject, such as one time passwords, push notifications, knowledge based secrets, biometric touch id, Windows Hello, cryptographic certificates, FIDO2 supported devices and OIDC Smartcards


Users:
Citizens
Type:
Recognitions
Agency:

Cabinet Office, Government Digital Service

Program:

GPG 44 – Using authenticators to protect an online service

Description:

The U.K.’s Government Digital Service published updated guidance, Using authenticators to protect an online service (GPG 44). Following NIST, the term ‘credential’ has been replaced with “authenticator”. Transaction monitoring is noted and “High Quality Authenticators” is defined if it has been independently tested to prove it meets industry standards, such as the Common Criteria guidelines, FIDO or FIPS 140-2.


Users:
Citizens
Type:
Deployments

FIDO Technology: U2F
Agency:

Cabinet Office, Government Digital Service

Program:

GOV.UK (https://www.gov.uk/) Verify

Description:

GOV.UK (https://www.gov.uk/) Verify uses a host of identity providers, including Digidentity which supports U2F, to validate a citizen’s personal data, store that data, and verify the user is who they say they are when they attempt to access government digital services.


Users:
Citizens
Type:
Deployments

FIDO Technology: UAF
Agency:

National Health Service

Program:

NHS mobile app

Description:

NHS App aims to allow the public to fulfil their healthcare needs at the touch of a button. However, a security-conscious, multi-factor authentication login process proved a major ‘speed bump’ for users. The NHS App team worked closely with NHS login, the identity verification system that enables patients to access their digital records and services, to look review potential solutions of providing password-less login for users. They wanted to go with biometric and selected FIDO UAF. They have about 1.5 million users.


Users:
Citizens
Type:
Recognitions
Agency:

Department of Digital, Culture, Media and Sport (DCMS)

Program:

UK digital identity and attributes trust framework alpha

Description:

DCMS is responsible for digital identity policy and strategy for the UK economy. In February 2021, DCMS published the UK digital identity and attributes trust framework alpha for organizations that want to provide or consume digital identity and attribute products and services.


United Kingdom
United States

MiLogin

Users:
Citizens
Type:
Deployments

FIDO Technology: FIDO2
Agency:

The State of Michigan’s Department of Technology, Management & Budget (DTMB)

Program:

MiLogin

Description:

The State of Michigan’s Department of Technology, Management & Budget (DTMB) relies on passkeys to streamline citizens’ login experience and provide stronger security to protect against security threats and phishing incidents. The DTMB found that passkeys provide the following advantages:


Users:
Citizens
Type:
Deployments

FIDO Technology: U2F, FIDO2
Agency:

General Services Administration

Program:

Login.gov

Description:

US system for single sign-on across different agency applications. Use of FIDO is one option.


Users:
Employees
Type:
Recognitions

FIDO Technology: U2F, FIDO2
Agency:

National Cybersecurity Center of Excellence

Program:

Mobile Single Sign-On for Public Safety/First Responders

Description:

NIST Cybersecurity Practice Guide demonstrates how commercially available technologies, standards, and best practices implementing SSO, identity federation, and MFA can meet the needs of public safety first responder communities when accessing services from mobile devices.


Users:
Employees Citizens
Type:
Recognitions
Agency:

NIST

Program:

Digital Identity Guidelines: Implementation Resources for SP 800-63-3

Description:

July 2020 publication highlights use of FIDO in meeting AAL2 requirements for single factor cryptographic


Users:
Employees
Type:
Recognitions

FIDO Technology: UAF, U2F
Agency:

Office of Management & Budget

Program:

Implementation of OMB memo M-19-17 – FICAM Policy

Description:

Update policy includes: Innovate capabilities and update Federal Public Key Infrastructure (PKI)27 to provide government with a trust framework and infrastructure to administer digital certificates and other authentication solutions, such as those based on public key cryptography. This includes updating the PKI shared service provider approach to enable strong government oversight of service providers, including procurement and cost controls through GSA acquisition solutions as applicable


Users:
Employees
Type:
Recognitions
Agency:

Drug Enforcement Administration

Program:

Electronic Prescribing of Controlled Substances

Description:

April 2020 Request for Information included questions about FIDO U2F.


Users:
Employees Citizens
Type:
Recognitions
Agency:

NIST

Program:

President’s Executive Order (EO) on Improving the Nation’s Cybersecurity

Description:

NIST’s new guide on “Security Measures for EO-Critical Software Use” focuses on companies that are supplying software to the government.


Users:
Employees Citizens
Type:
Recognitions
Agency:

CISA (Cybersecurity & Infrastructure Security Agency)

Program:

Multi-Factor Authentication Guidance

Description:

Updated MFA guidance flagged FIDO as the “gold standard” of MFA and provided a great description of FIDO, as well as a direct link to the FIDO Alliance website for more information.


Users:
Employees Citizens
Type:
Recognitions

FIDO Technology: FIDO2
Agency:

Office of Management & Budget

Program:

Federal Zero Trust Strategy

Description:

Requires phishing-resistant AuthN in enterprise apps, and that it must be an option in public facing apps. Calls out FIDO2 and WebAuthn as the preferred approach.


United States

对本网页有疑问?发邮件至info@fidoalliance.org