The goal is to acquire usb FIDO tokens that can pass CMMC L2. The problem I see is the sunset of all FIPS 140-2 modules, but I haven't had much luck finding any FIPS 140-3 usb tokens, are there any that actually have 140-3 certification and available for sale now?
FEITIAN shows they have certification, but they're a brick wall when I reach out to them for inquiries.
SMB looking to get CMMC L2 certified here, and we currently already use Entra ID as our identity management system. We'd love to stay using that, since it's what I'm familiar with, but per the boss, GCC is off the table. If our laptops are CUI assets, but we don't use Microsoft to process, store, or transmit any CUI data, and only use the commercial version of Office plus Entra ID, does that pass? I'm pretty muddy on whether Entra ID would be considered an SPA, and if it is an SPA, and even muddier on rules that need to apply to an SPA, and can we still use Entra ID if we aren't using GCC?