The Cryptographic Security Platform (CSP) has the following features and functionalities.
CSP Compliance Manager
The CSP Compliance Manager assists with assessing and managing compliance of identified keys, secrets, and certificates with specified requirements. The CSP Compliance Manager uses:
- Multiple Compliance Manager appliances deployed in a clustered configuration,
- Pre-configured collections of requirements (Compliance Packs).
CSP Public Key Infrastructure
The CSP Public Key Infrastructure (PKI) provides an embedded internal PKI to create, manage, and distribute digital certificates across an organization’s ecosystems. Optional add-on functionality includes:
- Out-of-the-box industrial protocols (Certificate Enrollment Gateway), Validation Authority, Timestamping,
- RESTful APIs to enable automated certificate management and issuance integrated with third-party PKIs (CA Gateway).
CSP Certificate Manager
The CSP Certificate Manager, included in the Pro and Enterprise licensing packages, facilitates certificate lifecycle management and automation. It includes:
- At the Pro level, Discovery capability to find certificates across diverse platforms.
- At the Enterprise level, Control capability to automate the management of those certificates.
CSP Keys and Secrets Management
CSP Keys and Secrets Management involves deploying multiple vault appliances in active-active clusters. It provides the capability to create and manage the following types of objects:
- Certificates: Electronic credentials used to authenticate the identities of entities and secure data transmissions.
- Standard objects:
  - KMIP Objects: Cryptographic keys, secrets, and certificates managed using the Key Management Interoperability Protocol (KMIP), ensuring secure key lifecycle management across different environments.
  - Cloud Keys: Encryption keys used in cloud environments (e.g., AWS KMS, Azure Key Vault, Google Cloud KMS) to secure cloud-native workloads and storage.
  - Secrets: Confidential data such as passwords, API keys, access tokens, and other sensitive information that needs secure storage and controlled access.
- Enhanced objects:
  - TDE Databases: Transparent Data Encryption (TDE) protected databases, including Oracle, MS SQL, MariaDB, and open-source PostgreSQL, ensuring data-at-rest encryption.
  - Application Security keys: Cryptographic keys used by applications to perform cryptographic operations using the cryptographic API or CLI of the CSP, including encryption, digital signatures, and hashing.
  - Virtual Machines: Securely managed cryptographic assets used to protect and encrypt virtualized environments and workloads.
- Third-Party Objects: Keys, secrets, or certificates not directly created or stored by the CSP, but whose metadata has been imported into the CSP to be included in the cryptographic inventory and/or used in compliance assessments.