The Cryptographic Security Platform (CSP) software solution has the following software features and functionalities.
CSP Compliance Manager
This feature assists with assessing and managing compliance of identified keys, secrets, and certificates with specified requirements. The CSP Compliance Manager software uses:
- Multiple Compliance Manager appliances deployed in a clustered configuration.
- Pre-configured collections of requirements (Compliance Packs).
CSP Public Key Infrastructure
This feature provides embedded internal PKI software to create, manage, and distribute digital certificates across an organization’s ecosystems. Optional add-on functionality includes:
- Out-of-the-box enrollment protocols.
- RESTful APIs to enable automated certificate management and issuance integrated with third-party PKIs (CA Gateway).
CSP Certificate Manager
This feature facilitates certificate lifecycle management and automation. CSP Certificate Manager software includes:
- At all subscription levels, Discovery capability to find certificates across diverse platforms, and Control capability to issue and manage certificates.
- At the Enterprise level, Automation capability to automate the management of those certificates.
CSP Keys and Secrets Management
This feature involves deploying multiple vault appliances in active-active clusters. It provides the capability to create and manage the following types of objects:
- Standard objects:
  - KMIP Objects: Cryptographic keys, secrets, and certificates managed using the Key Management Interoperability Protocol (KMIP), ensuring secure key lifecycle management across different environments.
  - Cloud Keys: Encryption keys used in cloud environments (e.g., AWS KMS, Azure Key Vault, Google Cloud KMS) to secure cloud-native workloads and storage.
  - Secrets: Confidential data such as passwords, API keys, access tokens, and other sensitive information that needs secure storage and controlled access.
- Enhanced objects:
  - Application Security Keys: Cryptographic keys used by applications to perform cryptographic operations using the cryptographic API or CLI of the CSP software, including encryption, digital signatures, and hashing.
  - DB TDE Keys: Keys for Transparent Data Encryption (TDE) protected databases, including Oracle, MS SQL, MariaDB, and open-source PostgreSQL, ensuring data-at-rest encryption.
  - VM Encryption Keys: Securely managed cryptographic assets used to protect and encrypt virtualized environments and workloads.
- Third-Party Objects: Keys, secrets, or certificates not directly created or stored by the CSP software, but whose metadata has been imported to be included in the CSP software’s cryptographic inventory and/or used in compliance assessments.