Finally, a real standard for device security
Recognizing the limitations of SCEP, Smallstep worked with Google at the IETF to develop an actual standard for high-assurance device identity: ACME Device Attestation (ACME DA). ACME DA provides the strongest possible guarantee (we call it "high assurance") of authentic device identity, preventing credential exfiltration, phishing, and impersonation attacks.
Introducing ACME Device Attestation
Have you ever wondered how to securely enroll a brand new phone or laptop onto your network? You may have never considered the question, unless you’re running a large IT department. The answer is the ACME DA standard. If this is unfamiliar territory, our blog can get you up to speed.
An upgrade 20 years in the making
SCEP, the most widely deployed certificate enrollment protocol for Enterprise IT devices, is over 20 years old and was initially designed for networking gear. SCEP does not standardize a way for an MDM and a CA to dynamically generate a challenge for each device. This means a shocking number of integrations are using a single, static challenge that can be used to issue any certificate, with any subject, at any time.
Hardware-bound device identity
ACME DA leverages hardware co-processors for attestation and key binding, like a fingerprint for your device. Go beyond user credentials and ensure that every device's identity is verified and trusted. You have solved one half of the Zero Trust puzzle with user identity; now strengthen your defenses with device credentials that cannot be exfiltrated.
Got multi-OS support?
We do. Smallstep supports ACME DA natively on all operating systems. You read that right! macOS, iOS, Windows, Android... even Linux. This enables consistent and secure cross-platform access no matter which OS your team prefers. Don't leave a door unlocked by isolating one or two specific platforms. They will likely get used anyway. Protect all operating systems (and your enterprise) with cross-platform device identity.
Learn more about the platform
The Smallstep platform helps mitigate numerous cybersecurity threats – from phishing to advanced hardware attacks – without impacting end-user workflows.
Enforce device identity everywhere
Whether you’re working towards a compliance standard, closing gaps in policy enforcement, or preventing nation-state attacks, our team is here to show you how Smallstep can help.