# SCEP Functional Requirements
With the Ability Platform, the Industrial IoT Platform of ABB, more and more industrial devices will be connected to the platform. Deployment at such scale can create a substantial security risk that grows with the number of deployed devices. Bad actors can easily compromise and misuse unsecured devices for nefarious purposes.
The Ability Platform Public Key Infrastructure (PKI) is the foundation of securing Internet of Things (IoT) devices. As an accepted and well-established standard, PKI is a core component of data confidentiality, information integrity, authentication, and data access control. It is required to secure the communication between IoT devices and the Ability Platform.
Securing the IoT depends on properly securing both development and deployment, incorporating the three key elements of trust: core device security, data and personal privacy, and adherence to standards and critical maintenance.
Multiple certificate management protocols exist for the certificate enrollment and device deployment process. ABB has chosen the Simple Certificate Enrollment Protocol (SCEP) as the primary, standard protocol for managing the security lifecycle of devices. SCEP is a PKI communication protocol that leverages existing technology by using CMS (formerly known as PKCS#7) and PKCS#10 over HTTP.
A device that needs to enroll with the Ability Platform PKI must meet a few functional requirements for using SCEP. They are as follows:
- SCEP client compliant with the SCEP RFC 2015
- RSA 2048-bit key generation capability
- SHA-256 hashing algorithm support
- SHA256RSA signing support
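
The following is an added example, not ABB or Ability Platform code: a self-check that generates a key and the PKCS#10 request a SCEP client would submit, then confirms it satisfies the cryptographic requirements listed above. It assumes the OpenSSL CLI is available on the device or build host; the function names, file names and subject are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the OpenSSL CLI.
# SHA256RSA is the name some tools display for sha256WithRSAEncryption.

# Generate an RSA 2048-bit key and a PKCS#10 request signed with SHA-256.
make_csr() {  # usage: make_csr <key_out> <csr_out> <subject>
    # Private key is written with owner-only permissions.
    ( umask 077; openssl genrsa -out "$1" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$1" -subj "$3" -out "$2" 2>/dev/null
}

# Return 0 only if the request meets every listed requirement:
#   2 = not RSA, 3 = not 2048 bit, 4 = not SHA-256 with RSA,
#   5 = self-signature (proof of possession of the key) does not verify.
check_csr() {  # usage: check_csr <csr>
    local text
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' || return 2
    echo "$text" | grep -q 'Public-Key: (2048 bit)' || return 3
    echo "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' || return 4
    # Match the message text, since the exit status of -verify
    # is not a reliable failure signal on every OpenSSL release.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 5
}

# Demo with a constructed subject; files go to a throwaway directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir/device.key" "$demo_dir/device.csr" "/CN=example-device-0001" \
    && check_csr "$demo_dir/device.csr" \
    && echo "CSR meets the listed key and signature requirements"
rm -rf "$demo_dir"
```

A nonzero return code from `check_csr` identifies which requirement the request fails, which is useful when validating a device's SCEP client before enrollment.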