Hi All, First post here - so please go easy on me if I miss something vital out. My organisation has a legacy PKI consisting of a number of separate components supplied by different vendors with a few customised modules too. This is costly and difficult to support. We would like to consolidate this infrastructure down to a fewer number of vendors and if possible products. Considerations: We are a very risk adverse and security conscious organisation - doubt this is particularly relavant, but if there are known issues, it would be useful to know. There is a currently a user base of between 500 and 1000 external users (some haven't been active for a while). This number is falling down to around 300, although it is possible it may rise again (so solution needs to be scalable - both up and down!). HSMs will be used to store CA and signing certs. The HSMs and OCSP responder must meet FIPS 140-2 Level 3 assurance. Is it possible to deploy a Microsoft PKI stack providing a CA, OCSP, CMS (Card Management System) and PIN Printing solution for the issuance and control of either SmartCards or USB tokens? Which components can be MS sourced and for those that can't be - are there alternatives? Most grateful for any (sensible ;-)) response. Kind regards Jon Crees