How many controls does FIDO2 / WebAuthn have?

FIDO2 / WebAuthn contains 11 controls organized across 4 domains.

Where does FIDO2 / WebAuthn apply?

FIDO2 / WebAuthn is applicable in International (FIDO Alliance/W3C). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does FIDO2 / WebAuthn map to?

FIDO2 / WebAuthn has control-to-control mappings with 500 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with FIDO2 / WebAuthn compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

FIDO2 / WebAuthn — Passwordless Authentication Standard

FIDO2 is the passwordless authentication standard developed by the FIDO Alliance and W3C. FIDO2 consists of two components: WebAuthn (W3C Web Authentication API) and CTAP2 (Client-to-Authenticator Protocol).

Domains

Passkey and Platform Integration

Security Requirements

CTAP2 (Client to Authenticator Protocol)

WebAuthn API (W3C)

Frequently Asked Questions

Map FIDO2 / WebAuthn — Passwordless Authentication Standard to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform