OtherInternational (FIDO Alliance/W3C)

FIDO2 / WebAuthn

FIDO2 is the joint FIDO Alliance + W3C standard for passwordless + phishing-resistant authentication composed of: (a) W3C WEB AUTHENTICATION (WebAuthn) Level 3 Recommendation - the browser + relying party API for public-key credential creation + authentication; (b) FIDO CLIENT-TO-AUTHENTICATOR PROTOCOL 2.1 (CTAP2.1) - the protocol between client devices + roaming or platform authenticators; (c) FIDO METADATA SERVICE v3 (MDS3) - the trust + attestation metadata for authenticators including AAGUIDs + status reports + transports + algorithms; (d) DISCOVERABLE CREDENTIALS / PASSKEYS - resident-credential storage on authenticators enabling passwordless workflows + cross-device synchronisation via iCloud Keychain + Google Password Manager + Windows Hello + 1Password / Bitwarden / Dashlane. Core security properties: PHISHING RESISTANCE through origin binding + RP ID validation + channel binding; UNPHISHABLE WITHOUT USER INTERVENTION (no shared secrets); BIOMETRICS + PIN VERIFICATION local to the authenticator (never transmitted); REPLAY RESISTANCE through challenge-based protocol + signature counter + anti-replay timestamping; ENTERPRISE ATTESTATION + AAGUID ALLOWLISTING for managed-device deployments.

Domains

FIDO2/WebAuthn: Registration and Authentication Ceremonies

FIDO2/WebAuthn: CTAP2.1 Client-to-Authenticator Protocol

FIDO2/WebAuthn: Attestation, Metadata Service (MDS3) and Trust

FIDO2/WebAuthn: Relying Party Implementation, Phishing Resistance and Security

FIDO2/WebAuthn: FIDO Alliance Certification, Adoption and Status

Compare FIDO2 / WebAuthn

FIDO2 / WebAuthn vs ISO 27001:2022View comparison →FIDO2 / WebAuthn vs SOC 2View comparison →FIDO2 / WebAuthn vs NIST CSF 2.0View comparison →FIDO2 / WebAuthn vs GDPRView comparison →FIDO2 / WebAuthn vs HIPAAView comparison →FIDO2 / WebAuthn vs PCI DSS 4.0View comparison →

FIDO2 / WebAuthn by Industry

FIDO2 / WebAuthn for Healthcare→FIDO2 / WebAuthn for Financial Services→FIDO2 / WebAuthn for Technology→FIDO2 / WebAuthn for Government→FIDO2 / WebAuthn for Manufacturing→FIDO2 / WebAuthn for Energy→FIDO2 / WebAuthn for Retail→FIDO2 / WebAuthn for Education→

FIDO2 / WebAuthn by Role

FIDO2 / WebAuthn for CISOs→FIDO2 / WebAuthn for Compliance Officers→FIDO2 / WebAuthn for Risk Managers→FIDO2 / WebAuthn for IT Directors→FIDO2 / WebAuthn for DPOs→FIDO2 / WebAuthn for Auditors→

Frequently Asked Questions

What is FIDO2 / WebAuthn?

How many controls does FIDO2 / WebAuthn have?

FIDO2 / WebAuthn contains 16 controls organized across 7 domains.

Where does FIDO2 / WebAuthn apply?

FIDO2 / WebAuthn is applicable in International (FIDO Alliance/W3C). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does FIDO2 / WebAuthn map to?

FIDO2 / WebAuthn has control-to-control mappings with 145 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with FIDO2 / WebAuthn compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

How ready are you for FIDO2 / WebAuthn?

Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.

Explore Platform Free

FIDO2 / WebAuthn

Domains

FIDO2/WebAuthn: Registration and Authentication Ceremonies

FIDO2/WebAuthn: CTAP2.1 Client-to-Authenticator Protocol

FIDO2/WebAuthn: Attestation, Metadata Service (MDS3) and Trust

FIDO2/WebAuthn: Relying Party Implementation, Phishing Resistance and Security

FIDO2/WebAuthn: FIDO Alliance Certification, Adoption and Status

Frequently Asked Questions

What is FIDO2 / WebAuthn?

How many controls does FIDO2 / WebAuthn have?

FIDO2 / WebAuthn contains 16 controls organized across 7 domains.

Where does FIDO2 / WebAuthn apply?

FIDO2 / WebAuthn is applicable in International (FIDO Alliance/W3C). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does FIDO2 / WebAuthn map to?

FIDO2 / WebAuthn has control-to-control mappings with 145 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with FIDO2 / WebAuthn compliance?

How ready are you for FIDO2 / WebAuthn?

Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.

Explore Platform Free