Smallstep Critical Components (ICCE) is a device identity platform that forms the foundation of Zero Trust Network Access by issuing and managing cryptographic certificates for endpoints, workloads, and services. The platform is structured around four core components: **Combined Inventory:** Maintains a trusted device inventory by syncing with existing MDM solutions. Supports Apple, Windows, and Linux devices, with Secure Enclave and TPM 2.0 EKPub key support. **Managed Credentials:** Issues high-assurance, hardware-backed, non-exportable certificates to trusted endpoints using ACME Device Attestation across all major platforms. Credentials are deployed via existing MDMs and are continuously managed. **Resource Configuration:** Automates the configuration of endpoints to authenticate securely to resources such as Wi-Fi, VPN, and SaaS applications. A cross-platform agent handles credential and configuration management with or without MDM solutions. Supports management of Wi-Fi, VPN, and browser certificates. **Policy Enforcement:** Enforces device identity verification at the point of resource access. Supports both direct resource-level authentication and centralized enforcement via proxy or gateway. Enables access control for VPN/ZTNA, SaaS apps, SSH, and Git/GitHub, with integration into SSO providers. The platform supports EAP-TLS for Wi-Fi, hardware-backed SSH, mTLS for internal services and workloads, and device-bound credentials for identity providers. It is built on the open-source step and step-ca projects and is used by organizations in finance, healthcare, and the public sector.