Positioning, not certification. ZeroKeyUSB is not certified against the
frameworks on this page. A hardware device with no network interface cannot hold
most of these certifications directly. Instead, its architecture is designed to
support the relevant controls, so an organization can use it as part of their
compliance. We deliberately avoid claiming “ISO 27001 certified device” or
similar.
At a glance
| Framework | Relevance to ZeroKeyUSB | How we phrase it |
|---|---|---|
| ISO/IEC 27001 & 27002 | Controls for authentication information, access control and cryptography | Designed to support controls 5.15–5.18, 8.5, 8.24 |
| NIST SP 800-63B | Good practice for authentication secrets and their storage | Aligned with its guidance on strong, unique, protected secrets |
| ENS — Esquema Nacional de Seguridad | Spanish public-sector security framework (RD 311/2022) | Helps meet access-control and authentication dimensions; CPSTIC is a medium-term goal |
| FIPS 140-3 / Common Criteria / LINCE | Formal cryptographic-module / product evaluations | Future phase, only when a client requires and funds it |
| CE · RoHS · FCC · EMC | Electrical & material compliance to sell hardware | See Certifications |
Approved wording
For a website, dossier or tender response:ZeroKeyUSB is designed to support public-sector and enterprise security requirements by protecting authentication information offline, outside the host computer and outside the cloud. Its architecture is aligned with recognized security frameworks such as ISO/IEC 27001, ISO/IEC 27002, NIST SP 800-63B, and the principles of the Spanish National Security Framework (ENS).Shorter:
ZeroKeyUSB is not a cloud password manager. It is an offline credential device designed to reduce password exposure on shared, infected, or unmanaged computers, while helping organizations strengthen access control and authentication-information management.
Read next
Security whitepaper
The architecture and security properties in one document.
Threat model
What it protects against — and, honestly, what it does not.
ISO 27001 / 27002 mapping
Control-by-control support statement.
NIST SP 800-63B
Alignment with authentication-secret guidance.