mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 12:45:17 +03:00
21 lines
888 B
Markdown
21 lines
888 B
Markdown
# Standards - FIDO2 Passwordless Authentication
|
|
|
|
## FIDO Standards
|
|
- **FIDO2 Specification**: https://fidoalliance.org/specifications/
|
|
- **WebAuthn Level 2**: W3C Web Authentication API
|
|
- **CTAP2**: Client to Authenticator Protocol 2.0
|
|
|
|
## NIST Standards
|
|
- **NIST SP 800-63B**: AAL3 - Hardware-based phishing-resistant authenticator
|
|
- **NIST SP 800-53 Rev 5**: IA-2(6), IA-2(8) Replay-resistant authentication
|
|
- **NIST SP 800-157**: PIV Derived Credentials
|
|
|
|
## CISA Guidance
|
|
- **Phishing-Resistant MFA**: Required for federal agencies under EO 14028
|
|
- **OMB M-22-09**: Federal zero trust strategy requiring phishing-resistant MFA
|
|
|
|
## Vendor Resources
|
|
- **Yubico FIDO2**: https://www.yubico.com/authentication-standards/fido2/
|
|
- **Microsoft Passkeys**: https://www.microsoft.com/en-us/security/business/security-101/what-is-fido2
|
|
- **Google Passkeys**: Android and Chrome WebAuthn support
|