Skip to main content
ZeroKeyUSB is an offline credential device: it stores logins encrypted, outside the host computer and outside the cloud, and types them over USB only after a physical action on the device.
Positioning, not certification. ZeroKeyUSB is not certified against the frameworks on this page. A hardware device with no network interface cannot hold most of these certifications directly. Instead, its architecture is designed to support the relevant controls, so an organization can use it as part of their compliance. We deliberately avoid claiming “ISO 27001 certified device” or similar.

At a glance

FrameworkRelevance to ZeroKeyUSBHow we phrase it
ISO/IEC 27001 & 27002Controls for authentication information, access control and cryptographyDesigned to support controls 5.15–5.18, 8.5, 8.24
NIST SP 800-63BGood practice for authentication secrets and their storageAligned with its guidance on strong, unique, protected secrets
ENS — Esquema Nacional de SeguridadSpanish public-sector security framework (RD 311/2022)Helps meet access-control and authentication dimensions; CPSTIC is a medium-term goal
FIPS 140-3 / Common Criteria / LINCEFormal cryptographic-module / product evaluationsFuture phase, only when a client requires and funds it
CE · RoHS · FCC · EMCElectrical & material compliance to sell hardwareSee Certifications

Approved wording

For a website, dossier or tender response:
ZeroKeyUSB is designed to support public-sector and enterprise security requirements by protecting authentication information offline, outside the host computer and outside the cloud. Its architecture is aligned with recognized security frameworks such as ISO/IEC 27001, ISO/IEC 27002, NIST SP 800-63B, and the principles of the Spanish National Security Framework (ENS).
Shorter:
ZeroKeyUSB is not a cloud password manager. It is an offline credential device designed to reduce password exposure on shared, infected, or unmanaged computers, while helping organizations strengthen access control and authentication-information management.

Security whitepaper

The architecture and security properties in one document.

Threat model

What it protects against — and, honestly, what it does not.

ISO 27001 / 27002 mapping

Control-by-control support statement.

NIST SP 800-63B

Alignment with authentication-secret guidance.