Files

21 lines
888 B
Markdown

# Standards - FIDO2 Passwordless Authentication
## FIDO Standards
- **FIDO2 Specification**: https://fidoalliance.org/specifications/
- **WebAuthn Level 2**: W3C Web Authentication API
- **CTAP2**: Client to Authenticator Protocol 2.0
## NIST Standards
- **NIST SP 800-63B**: AAL3 - Hardware-based phishing-resistant authenticator
- **NIST SP 800-53 Rev 5**: IA-2(6), IA-2(8) Replay-resistant authentication
- **NIST SP 800-157**: PIV Derived Credentials
## CISA Guidance
- **Phishing-Resistant MFA**: Required for federal agencies under EO 14028
- **OMB M-22-09**: Federal zero trust strategy requiring phishing-resistant MFA
## Vendor Resources
- **Yubico FIDO2**: https://www.yubico.com/authentication-standards/fido2/
- **Microsoft Passkeys**: https://www.microsoft.com/en-us/security/business/security-101/what-is-fido2
- **Google Passkeys**: Android and Chrome WebAuthn support