
Cyber Essentials glossary

FIDO2

FIDO2 is the WebAuthn-based standard for phishing-resistant authentication using hardware security keys (YubiKey, Titan) or platform authenticators (Windows Hello for Business, Apple Touch ID / Face ID). It is the preferred MFA method for admin accounts under Cyber Essentials v3.3.

Why this term matters for access control

Identity and access-control terms are central to Cyber Essentials v3.3 because every account that can access organisational data must be protected appropriately. The assessor is looking for actual enforcement, not just a policy that says users should behave securely.

A practical evidence trail might include MFA enforcement, disabled legacy authentication, separate admin accounts, conditional access policies, account lockout, and leaver access removal records.

How Fig uses this term

Fig Group uses FIDO2 as part of a practical Cyber Essentials and compliance vocabulary. The purpose is to make assessment decisions easier to verify: what the term means, where it appears in evidence, which control it supports, and which buyer or assessor question it helps answer.

If this term affects your Cyber Essentials submission, treat it as an evidence question rather than a definition question. Document the relevant owner, system, configuration, policy, or workflow so an assessor can see how the control works in your environment.

Official sources and related guidance

For scheme interpretation, verify against official NCSC and IASME material. Fig's glossary is designed to translate those concepts into implementation language for UK organisations, MSPs, and procurement teams.

Fig Group is an IASME-licensed Cyber Essentials certification body (licence 325cdf33-3812-4082-bf8d-7dce7ac02977) that certifies UK organisations from £299.99 + VAT with a 6-hour turnaround guarantee and three free re-submissions. Learn more at /cyberessentials, see pricing at /pricing, or run the free readiness checker.