This guide walks Vendors through the end-to-end process of certifying a product within CyberPass. By following these steps, you will navigate the interaction between your organization, the Certification Secretariat, and the Security Secretariat (or Lab) to achieve official FIDO compliance.
Prerequisites
An active Vendor Workspace in CyberPass.
A registered Product (e.g., Nighthawk 4 Stream LTE WiFi 6 Router) within your dashboard.
Access to the FIDO Conformance Test Tool and the external Interoperability Test booking system.
For specific questions regarding FIDO Alliance policies, technical specifications, or certification requirements, please contact the FIDO team at: [email protected]
For questions related to CyberPass usability and features, please reach out to CyberPass Support Team at:
Note: The screenshots provided in this article are for demonstrative purposes only and do not represent live production data.
Step-by-Step Instructions
Step 1 — Navigate to Procedures
From the main sidebar, select Procedures. This dashboard shows all historical and active evaluations. To start a new certification, click the New Procedure button in the top right.
Step 2 — Select the Certification Workflow
In the "Start Procedure" modal, select FIDO Authenticator Certification from the dropdown menu.
Step 3 — Define Security Variants
Review the Variants screen. This defines the FIDO Security Levels (L1 through L3+).
Professional Tip: If your product requires Level 1+ or higher, the "Security Secretariat" role in this guide will be replaced by a specialized Testing Lab.
Step 4 — Configure Workspace Participants
Select your Product, and assign the Certification Secretariat and Security Secretariat (or Lab) who will oversee your evaluation. Confirm your agreement to the terms and click Submit.
Step 5 — The Procedure Roadmap
Once initiated, your procedure sidebar will populate with the full workflow. This roadmap guides you from the Application Form through Technical Testing and Security Reviews, ending at the Results phase.
Step 6 — Understanding Actor Permissions (The "Turn-Based" System)
CyberPass uses a dynamic permission system. You can identify who is responsible for the current step by looking at the Actor Icons in the top right of the header:
Editor (Blue Dot/Pencil): The user currently responsible for the step. They can fill fields and click "Submit."
Viewer (No Blue Dot): The user can see all data but cannot make changes. The step is "locked" until the Editor submits.
Step 7 — Complete the Application Form
As the Vendor (Editor), fill in the information required in every section of the Application Form. Ensure the information entered for Legal Entity, Implementation Class, Implementation Name and all other fields are accurate in the Application Form.
Once completed, accept the terms and click Submit.
Step 8 — Certification Secretariat Review (Wait State)
Your application now moves to the Certification Secretariat workspace. Your status will show as "Pending completion."
Step 9 — Certification Secretariat Approval & Related Forms
The Certification Secretariat reviews your submission. To ensure accuracy, the Secretariat can click on the Application Form link within the Related Forms section to open a side-by-side view of your data. If all details are correct, they assign a Verdict of "Pass."
Step 10 — Conformance Testing
Run the official FIDO Conformance Test Tool. In CyberPass, enter the Date of Submission, confirm completion, and click Submit.
Step 11 — Conformance Test Review
The Certification Secretariat will verify your evidence and pass a verdict. The Secretariat may also upload the Conformance Results JSON and/or SBOM (Software Bill of Materials).
Step 12 — Interoperability Testing
Use the provided external link to book an appointment with the FIDO Alliance. Once the test is performed, enter the date in CyberPass, confirm completing the test and click Submit.
Step 13 — Interoperability Test Review
The Certification Secretariat reviews the interoperability results to ensure the authenticator successfully interoperates with other FIDO-compliant components.
The Secretariat will verify the Testing Date, upload the Interoperability Test Results, and assign a Verdict.
Step 14 — Complete the Questionnaire
The Vendor must answer all requirement sections where applicable starting from Authenticator Definition to Operational Guidance. Once completed, click Next.
Professional Tip: Be descriptive in your "Description" fields; this is the primary evidence used by the Security Secretariat or Lab to verify your security claims.
Step 15 — Vendor Summary and Submission
Review the summary of your implementation details (AAGUID, AAID, etc.). If all is correct, click Next to proceed to the final Submission tab, accept the conditions, and click Submit.
Step 16 — Security Secretariat Questionnaire Review (Wait State)
Your questionnaire submission now moves to the Security Secretariat workspace. Your status will show as "Pending completion."
Step 17 — Security Secretariat Review & Final Submission
The Security Secretariat (or Lab) acts as the Editor for a three-step audit process:
Questionnaire Review: Every response is carefully reviewed for accuracy.
Review Verdict: The Secretariat prepares and uploads the final Review Report and assigns a final verdict.
Final Submission: The Secretariat completes a final confirmation, formally sending the evaluation results to the Certification Secretariat to move into the payment phase.
Step 18 — Payment Processing
The Certification Secretariat acts as the Editor to finalize the financial phase. They will provide the Purchase Code and upload the Invoices required to conclude the certification.
Professional Tip: These codes are generated internally by the Secretariat within CyberPass. Contact the team if you have questions regarding payment status.
Step 19 — Vendor Verification & Certification Secretariat Review
The Vendor has one opportunity to update or confirm the Implementation Name that will appear on the certificate. Finally, the Certification Secretariat approves the name, and the procedure moves to the Results phase.
Step 20 — Procedure Finalized
The certification is complete! You can now click See Results to view and download your finalized documentation.
5. Key Notes
Role Separation: Each workspace role (Vendor, CS, SS, Lab) is handled by a distinct user to ensure a "four-eyes" review process.
The One-Change Rule: You can only suggest an Implementation Name change once during Step 19. If the Certification Secretariat rejects this change, the original name stands.
Status Loops: If a Secretariat issues an "Inconclusive" verdict, the step will automatically unlock for the Vendor to provide further edits or evidence.
6. Troubleshooting
Issue | Fix |
I don't see the "Security Secretariat" in my participants list. | If your product is Level 1+ or higher, look for the Testing Lab participants instead. |
I cannot edit the Application Form. | Check the top right of the screen. If the Key Icon is highlighted for the Secretariat, it is currently their turn to edit/view, and your access is restricted until they submit their review. |