A cryptographic key (public, private, or shared) or public key certificate, used for encryption, decryption, digital signature, or signature verification; and other items, such as compromised key lists (CKL) and certificate revocation lists (CRL), obtained by trusted means from the same source which validate the authenticity of keys or certificates. Protected software which generates or regenerates keys or certificates may also be considered a cryptographic product.
Sources:
CNSSI 4009-2015
Software, hardware or firmware that includes one or more cryptographic functions. A cryptographic product is or contains a cryptographic module.
Sources:
NIST SP 800-57 Part 2 Rev.1
under Cryptographic product