Ebook

Bringing Zero Trust to FIDO2 Authenticators

6 Pages

The brief explains that establishing attestations for Derived FIDO2 Credentials (DFC) enhances Zero Trust by securely binding FIDO2 tokens to verified identities through PIV or CAC smart cards. Based on NIST SP 800-157 and 800-79-2, the DFC workflow ensures identity proofing, organizational attestation, and lifecycle management to prevent unauthorized MFA issuance. Ping Identity, Yubico, and EntryPoint jointly deliver this capability with FIDO2 hardware keys, CMS, and ABAC policy enforcement. The integration achieves phishing-resistant authentication, dynamic authorization, and compliance with OMB M-22-09 while supporting NIST 800-63 assurance levels for identity, authentication, and federation.
