Finally, a real standard for device security

Recognizing the limitations of SCEP, Smallstep worked with Google at the IETF to develop an actual standard for high-assurance device identity: ACME Device Attestation (ACME DA). ACME DA provides the strongest possible guarantee (we call it "high assurance") of authentic device identity- preventing credential exfiltration, phishing, and impersonation attacks.

Contact us
background graphic
ACME Device Attestation
Cert based authentication
Certificate iconEliminate credential theft
Hardware-bound credentials
Seamless integration
Devices iconEasy device revocation

Introducing ACME Device Attestation

Have you ever wondered how to securely enroll a brand new phone or laptop onto your network? You may have never considered the question, unless you’re running a large IT department. The answer is the ACME DA standard. If this is unfamiliar territory, our blog can get you up to speed.

Learn more
SCEP is a dumpster fire

An upgrade 20 years in the making

SCEP, the most widely deployed certificate enrollment protocol for Enterprise IT devices, is over 20 years old and was initially designed for networking gear. SCEP does not standardize a way for an MDM and a CA to dynamically generate a challenge for each device. This means a shocking number of integrations are using a single, static challenge that can be used to issue any certificate, with any subject, at any time.

Bind hardware TPM and user identity with Smallstep

Hardware-bound device identity

ACME DA leverages hardware co-processors for attestation and keybinding, like a fingerprint for your device. Go beyond user credentials and ensure that every device's identity is verified and trusted. You have solved one half of the Zero Trust puzzle with user identity, now strengthen your defenses with device credentials that are unable to be exfiltrated.

A laptop with the Smallstep logo surrounded by a cluster of OS logos

Got multi-OS support?

We do. Smallstep supports ACME DA natively on all operating systems. You read that right! MacOS, iOS, Windows, Android... even Linux. This enables consistent and secure cross-platform access no matter which OS your team prefers. Don't leave a door unlocked by isolating one or two specific platforms. They will likely get used anyway. Protect all operating systems (and your enterprise) with cross-platform device identity.

Learn more
Inventory list view UI

Learn more about the platform

The Smallstep platform helps mitigate numerous cybersecurity threats – from phishing to advanced hardware attacks – without impacting end-user workflows.

Learn more
gradient background

Enforce device identity everywhere

Whether you’re working towards a compliance standard, closing gaps in policy enforcement, or preventing nation-state attacks, our team is here to show you how Smallstep can help.

Book a demo