Smallstep ACME Device Attestation (ACME DA) is a certificate-based device identity solution built on the ACME Device Attestation standard, co-developed by Smallstep and Google at the IETF. It is designed as a modern replacement for SCEP (Simple Certificate Enrollment Protocol), which is over 20 years old and lacks strong proof-of-device identity guarantees. ACME DA uses hardware co-processors (secure elements) for attestation and key binding, cryptographically tying device credentials to physical hardware. This prevents credential theft and exfiltration by ensuring that private keys cannot leave the device. The approach goes beyond user identity verification to establish verified device identity as part of a Zero Trust enforcement model. The platform supports certificate-based authentication across multiple operating systems, including macOS, iOS, Windows, Android, and Linux, enabling consistent cross-platform device identity management. It supports zero-touch provisioning for new devices and provides mechanisms for certificate renewal and revocation. ACME DA is positioned to replace or integrate with existing PKI infrastructure (such as ADCS, Vault PKI, and AWS PCA). It is applicable to enterprise fleet management, BYOD environments, compliance enforcement, and protection against credential-based attacks including phishing and hardware-level threats. The solution also covers AI and MCP workflows by binding access to verified hardware.