# What is Guardian

Medcrypt's Guardian Platform provides PKI-based cryptographic security for medical devices, ensuring device authentication, secure communication, and regulatory compliance without disrupting performance. [Learn more about PKI and why it matters for medical devices](https://docs.medcrypt.com/overview/what-is-public-key-infrastructure-pki).

## **Guardian components**

Guardian consists of two main components:

* **Guardian Library**: Runs on your devices to parse configuration profiles, request certificates from Guardian Cloud, and enable cryptographic functions like signing and encryption. Available for C++, C, Java, and more.
* **Guardian Cloud**: Cloud-based platform that processes certificate requests, enrolls devices into trust hierarchies, and generates certificates. This is the part of the Guardian platform formerly known as Overwatch.

## **Guardian core principles**

* All connections between devices should be secured
* Keys generated on the device never leave the device (including protection against data exfiltration methods)
* Keys should be rotatable as frequently as needed
* Key usage should be specific and isolated to particular operational contexts
* Security policy should be codified in signed configuration that drives operational usage

## **What Guardian provides:**

* Rapid deployment and seamless integration into new and existing systems
* Self-serve management through an intuitive web interface
* Device cryptographic identities with certificate-based authentication and automated lifecycle management
* Automated compliance reporting for FDA and other regulatory requirements
* Support for diverse hardware platforms, operating systems, and cryptographic libraries

## **What Guardian does:**

* Automated cryptographic key generation and management with unique keys for each device. Keys are FIPS 140-2 and FIPS 140-3 Level 3 compliant.
* Secure device-to-device communication (East-West protection)
* Secure device-to-cloud communication (North-South protection)
* Provisioning lifecycle management
* Support for memory-constrained and connectivity-limited devices
* Zero-trust security architecture implementation
* Legacy system protection without code modification
* Certificate lifecycle management (coming soon!)
* PKI operations

## **Common use cases:**

* Create segmented security zones across multi-device ecosystems
* Protect sensitive assets throughout the manufacturing process
* Establish trusted connections to cloud services
* Meet FDA cybersecurity requirements
* Implement zero-trust security architectures
* Manage cryptographic keys throughout the device lifecycle
* Provide legacy system security without code modification
