Secure Access with Device Identity and ACME Device Attestation

Smallstep is the world’s first Device Identity Platform™, helping federal, state, and local agencies—as well as defense and national security organizations—enforce Zero Trust access across infrastructure, applications, and networks. This includes modern defense technology companies building autonomous systems, advanced manufacturing platforms, and mission-critical infrastructure.

Built in collaboration with Google, Smallstep uses cryptographic attestation and short-lived, hardware-backed credentials to replace passwords, SSH keys, and VPN-based access. Instead of relying on credentials alone, access decisions are tied to verified device identity, ensuring that only trusted, managed devices can interact with sensitive systems.

By integrating with tools like Jamf, Intune, and Okta, Smallstep ensures that only verified users on compliant, organization-controlled devices can access critical resources. This is especially important in public sector and defense environments, where protecting intellectual property, operational systems, and supply chain infrastructure is essential. Smallstep is trusted by leading defense technology companies, including organizations like Hadrian and Anduril, to secure access across complex, high-assurance environments.

Smallstep aligns with Zero Trust mandates and frameworks such as NIST 800-171, NIST 800-172, and CMMC, providing a practical path to stronger identity assurance at high-security boundaries. It helps organizations reduce reliance on credentials that can be stolen or replayed, and instead require cryptographic proof of device trust at every access point.

For agencies and defense technology companies alike, this approach closes a critical gap in traditional identity architectures: the ability to verify not just who is requesting access, but from which device that access is being initiated. The result is stronger protection against credential-based attacks, without adding friction for users or slowing down mission-critical operations.