diff --git a/app/controllers/two_factor_authentication/options_controller.rb b/app/controllers/two_factor_authentication/options_controller.rb
index ea27e812c09..1029427b2f2 100644
--- a/app/controllers/two_factor_authentication/options_controller.rb
+++ b/app/controllers/two_factor_authentication/options_controller.rb
@@ -33,8 +33,8 @@ def process_valid_form
 'personal_key' => login_two_factor_personal_key_url,
 'sms' => otp_send_url(otp_delivery_selection_form: { otp_delivery_preference: 'sms' }),
 'auth_app' => login_two_factor_authenticator_url,
- 'piv_cac' => login_two_factor_piv_cac_url,
- 'webauthn' => login_two_factor_webauthn_url,
+ 'piv_cac' => FeatureManagement.piv_cac_enabled? ? login_two_factor_piv_cac_url : nil,
+ 'webauthn' => FeatureManagement.webauthn_enabled? ? login_two_factor_webauthn_url : nil,
 }
 url = factor_to_url[@two_factor_options_form.selection]
 redirect_to url if url
diff --git a/app/presenters/two_factor_options_presenter.rb b/app/presenters/two_factor_options_presenter.rb
index ece7443f26e..4308174e96a 100644
--- a/app/presenters/two_factor_options_presenter.rb
+++ b/app/presenters/two_factor_options_presenter.rb
@@ -38,7 +38,11 @@ def options
 private
 def available_2fa_types
- %w[sms voice auth_app webauthn] + piv_cac_if_available
+ %w[sms voice auth_app] + webauthn_if_available + piv_cac_if_available
+ end
+
+ def webauthn_if_available
+ FeatureManagement.webauthn_enabled? ? %w[webauthn] : []
 end
 def piv_cac_if_available
diff --git a/spec/controllers/two_factor_authentication/options_controller_spec.rb b/spec/controllers/two_factor_authentication/options_controller_spec.rb
index b37a3f13794..2af1a56d2f1 100644
--- a/spec/controllers/two_factor_authentication/options_controller_spec.rb
+++ b/spec/controllers/two_factor_authentication/options_controller_spec.rb
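Review bot: When a feature flag is off, the `'piv_cac'` and `'webauthn'` entries are nil, so a form that validated with one of those selections reaches `redirect_to url if url` and sends no redirect; nothing visible in the hunk handles that case. process_valid_form starts above the hunk and may continue below it, so an existing fallback cannot be ruled out, but if there is none the request ends without an explicit response. Consider an explicit else branch that returns the user to the options page with an error, and a comment on the hash such as `# nil for a disabled factor: the selection is dropped, not redirected`.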
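Review bot: `webauthn_if_available` only controls which options are rendered; the form object that validates `selection` is not part of this diff, so a POST naming a disabled factor may still pass validation and reach the controller, where it maps to nil. If the form keeps its own list of allowed selections, it should apply the same `FeatureManagement.webauthn_enabled?` and `FeatureManagement.piv_cac_enabled?` checks so the offered set and the accepted set cannot drift apart. A comment above `available_2fa_types` would make the scope clear, e.g. `# Display list only; whether a selection is accepted is decided by the form and controller`. The presenter class starts and ends outside the hunk.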
@@ -24,6 +24,18 @@
 describe '#create' do
 before { sign_in_before_2fa }
+ it 'redirects to login_two_factor_url for sms with piv/cac and webauthn disabled' do
+ piv_cac_webauthn_enabled('false')
+
+ post :create, params: { two_factor_options_form: { selection: 'sms' } }
+
+ expect(response).to redirect_to otp_send_url( \
+ otp_delivery_selection_form: { otp_delivery_preference: 'sms' }
+ )
+
+ piv_cac_webauthn_enabled('true')
+ end
+
 it 'redirects to login_two_factor_url if user selects sms' do
 post :create, params: { two_factor_options_form: { selection: 'sms' } }
@@ -80,4 +92,10 @@
 post :create, params: { two_factor_options_form: { selection: 'sms' } }
 end
 end
+
+ def piv_cac_webauthn_enabled(bool)
+ allow(Figaro.env).to receive(:piv_cac_enabled) { bool }
+ allow(Figaro.env).to receive(:webauthn_enabled) { bool }
+ Rails.application.reload_routes!
+ end
 end
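Review bot: The new example restores the flags with `piv_cac_webauthn_enabled('true')` as its last statement, so a failing expectation skips it and the routes reloaded with both features disabled stay in place for later examples. Moving the example into its own `context` with `before { piv_cac_webauthn_enabled('false') }` and `after { piv_cac_webauthn_enabled('true') }` makes the cleanup run either way. The example also covers only `sms`; nothing asserts what happens when `piv_cac` or `webauthn` is posted while disabled, which is the behaviour the controller change introduces. The `\` after `otp_send_url(` is not needed inside open parentheses.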
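Review bot: `piv_cac_webauthn_enabled(bool)` is called with the strings `'true'` and `'false'`, so the parameter name `bool` is misleading; a name such as `value` would match what is passed. The helper also calls `Rails.application.reload_routes!`, which changes state shared by the whole test process, and that deserves a comment such as `# Stubs both flags and reloads routes; callers must restore the previous state`. The enclosing describe block starts outside the hunk.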