diff --git a/README.rst b/README.rst
index ba1089f..b1e828e 100644
--- a/README.rst
+++ b/README.rst
@@ -32,32 +32,23 @@ Role Variables
 - false
 - Whether the role should execute the RFS configuration tasks.
 * - thales_client_working_dir
- - /tmp/thales_client_install
+ - /tmp/security_world_install
 - Working directory in the target host.
 * - thales_client_gid
 - 42481
- - Group ID for the thales group.
+ - Group ID for the nfast group.
 * - thales_client_uid
 - 42481
- - User ID for the thales user.
- * - thales_client_tarball_name
+ - User ID for the nfast user.
+ * - security_world_iso_zip_url
 - None
- - Filename for the Thales client software tarball.
+ - URL location of the Security World ISO ZIP file.
 * - thales_client_tarball_location
 - None
- - Full URL where a copy of the client software tarball can be downloaded.
- * - thales_client_path
- - linux/libc6_11/amd64/nfast
- - Path to the client software directory inside the tarball
- * - thales_km_data_tarball_name
- - None
- - Filename for the KM Data tarball
- * - thales_km_data_location
- - None
- - Full URL where a copy of the KM Data tarball can be downloaded.
+ - DEPRECATED: Use security_world_iso_zip_url instead.
 * - thales_rfs_ip_address
 - None
- - IPv4 address for the Thales RFS host.
+ - IPv4 address for the RFS host.
 * - thales_client_ips
 - None
 - Whitespace separated list of IP addresses to be added to RFS config.
@@ -74,3 +65,6 @@ Requirements
 ------------
 - ansible >= 2.4
+ - Security World Software v13.4.4 ISO ZIP file - The ISO file in ZIP format as
+ provided by Entrust. This should be hosted in an HTTPS server that can be
+ accessed from the target host.
diff --git a/defaults/main.yaml b/defaults/main.yaml
index 4ee3cbd..75696f7 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1,7 +1,6 @@
 ---
 thales_install_client: false
 thales_configure_rfs: false
-thales_client_working_dir: /tmp/thales_client_install
+thales_client_working_dir: /tmp/security_world_install
 thales_client_gid: 42481
 thales_client_uid: 42481
-thales_client_path: linux/libc6_11/amd64/nfast
diff --git a/handlers/main.yaml b/handlers/main.yaml
index beda678..1dd787b 100644
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -2,4 +2,5 @@
 - name: Legacy vars warning
 ansible.builtin.debug:
 msg: "WARNING: Using legacy thales_hsm_ip_address and
- thales_hsm_config_location variables. Please udpate your vars file."
+ thales_client_tarball_location variables. Please udpate your
+ vars file."
diff --git a/releasenotes/notes/add-support-for-security-world-v13.4-2cb8688bcc072db1.yaml b/releasenotes/notes/add-support-for-security-world-v13.4-2cb8688bcc072db1.yaml
new file mode 100644
index 0000000..c866871
--- /dev/null
+++ b/releasenotes/notes/add-support-for-security-world-v13.4-2cb8688bcc072db1.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ This version adds support for the latest Security World client software
+ (v13.4.4). Older security world versions are not supported.
+deprecations:
+ - |
+ The variable `thales_client_tarball_location` has been deprecated. Use
+ `security_world_iso_zip_url` instead.
diff --git a/setup.cfg b/setup.cfg
index addba3c..a585d07 100644
--- a/setup.cfg
+++ b/setup.cfg
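Review bot: The new default `thales_client_working_dir: /tmp/security_world_install` keeps the working directory at a fixed, predictable path under world-writable /tmp, and the tasks/client.yaml hunks later read both the RPMs and the `pubkey.asc` that is imported as an RPM signing key from that directory. If another local account can create that path before the play runs, the packages and the trust anchor come from whatever it placed there; the visible context of the directory task shows `mode: '755'` but no `owner`, though the head of that task is outside the hunk so this may already be handled. A root-owned location outside /tmp, or creating the directory with explicit `owner: root` and `group: root` and a restrictive mode, would close that; at minimum the README should state that the directory is expected not to pre-exist.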
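Review bot: The rewrapped warning still carries the typo `udpate` on the new second line of the message, so this is the place to fix the user-facing text: `thales_client_tarball_location variables. Please udpate your` should become `thales_client_tarball_location variables. Please update your`. Since this handler is also notified by the nshield_hsms legacy check in tasks/main.yaml, a user who set only `thales_client_tarball_location` is now told about `thales_hsm_ip_address` too; if one shared handler is intended, wording such as `Using a legacy variable (thales_hsm_ip_address or thales_client_tarball_location). Please update your vars file.` reads accurately for both callers.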
@@ -1,14 +1,14 @@
 [metadata]
 name = ansible-role-thales-hsm
-summary = ansible-role-thales-hsm - Ansible role to configure Thales HSM clients.
+summary = ansible-role-thales-hsm - Ansible role to configure nShileld Connect HSM clients.
 description-file = README.rst
 author = TripleO Team
 author-email = alee@redhat.com
-home-page = https://github.com/dmend/ansible-role-thales-hsm
+home-page = https://opendev.org/openstack/ansible-role-thales-hsm
 classifier = License :: OSI Approved :: Apache Software License
- Development Status :: 4 - Beta
+ Development Status :: 5 - Production/Stable
 Intended Audience :: Developers
 Intended Audience :: System Administrators
 Intended Audience :: Information Technology
diff --git a/tasks/client.yaml b/tasks/client.yaml
index 38b8b23..d6f26b5 100644
--- a/tasks/client.yaml
+++ b/tasks/client.yaml
@@ -5,12 +5,12 @@
 state: directory
 mode: '755'
-- name: Create thales group
+- name: Create nfast group
 ansible.builtin.group:
 name: nfast
 gid: "{{ thales_client_gid }}"
-- name: Create thales user
+- name: Create nfast user
 ansible.builtin.user:
 name: nfast
 uid: "{{ thales_client_uid }}"
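Review bot: The new `summary` line misspells the product name as `nShileld`; this string is the package summary published with the role, so it should read `summary = ansible-role-thales-hsm - Ansible role to configure nShield Connect HSM clients.`.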
@@ -25,61 +25,47 @@
 persistent: true
 when: ansible_os_family | lower == 'redhat'
-- name: Download Thales client tarball
- ansible.builtin.get_url:
- url: "{{ thales_client_tarball_location }}"
- dest: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
- mode: '644'
- force: false
+- name: Ensure unzip is avaliable to unzip ISO file
+ ansible.builtin.yum:
+ name: unzip
+ state: present
-- name: Unpack tarball to working directory
+- name: Download and unzip Security World ISO file from given url
 ansible.builtin.unarchive:
- src: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
+ src: "{{ security_world_iso_zip_url }}"
 dest: "{{ thales_client_working_dir }}"
- creates: "{{ thales_client_working_dir }}/{{ thales_client_path }}"
 remote_src: true
-- name: Unpack tarball to /opt/nfast
- ansible.builtin.shell: |
- for i in `find "{{ thales_client_working_dir }}/{{ thales_client_path }}" -name *.tar` ; do
- tar -C / -xvf $i ;
- done
- args:
- creates: /opt/nfast/sbin/install
+- name: Set Security World ISO file path
+ ansible.builtin.set_fact:
+ security_world_iso: "{{ thales_client_working_dir }}/{{ security_world_iso_zip_url | basename | splitext | first }}"
-- name: Check for libnsl dependency
- ansible.builtin.stat:
- path: /lib64/libnsl.so.1
- register: st
+- name: Extract RPMs and key from Security World ISO
+ community.general.iso_extract:
+ image: "{{ security_world_iso }}"
+ dest: "{{ thales_client_working_dir }}"
+ files:
+ - linux-rpms/amd64/nShield-hwsp.rpm
+ - linux-rpms/amd64/nShield-ctls.rpm
+ - linux-rpms/amd64/nShield-ncsnmp.rpm
+ - linux-rpms/amd64/pubkey.asc
-- name: Ensure libnsl dependency is installed
- ansible.builtin.package:
- name: libnsl
+- name: Import Security World RPM key
+ ansible.builtin.rpm_key:
 state: present
- when: not st.stat.exists
+ key: "{{ thales_client_working_dir }}/pubkey.asc"
+
+- name: Install Security World RPMs
+ ansible.builtin.yum:
+ name: "{{ packages }}"
+ vars:
+ packages:
+ - "{{ thales_client_working_dir }}/nShield-hwsp.rpm"
+ - "{{ thales_client_working_dir }}/nShield-ctls.rpm"
+ - "{{ thales_client_working_dir }}/nShield-ncsnmp.rpm"
 - name: Run installer
 ansible.builtin.shell: set -o pipefail && echo "1" | /opt/nfast/sbin/install
- args:
- creates: /opt/nfast/kmdata
-
- - name: Get the security world data
- ansible.builtin.get_url:
- url: "{{ thales_km_data_location }}"
- dest: "/root/{{ thales_km_data_tarball_name }}"
- mode: '644'
- force: false
-
- - name: Remove the old km_data
- ansible.builtin.file:
- path: /opt/nfast/kmdata
- state: absent
-
- - name: Replace kmdata
- ansible.builtin.unarchive:
- src: "/root/{{ thales_km_data_tarball_name }}"
- dest: /opt/nfast
- remote_src: true
 - name: Create cknfastrc
 ansible.builtin.template:
@@ -114,7 +100,7 @@
 var: enquiry
 - name: Set up rfs_sync
- ansible.builtin.command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{ thales_rfs_server_ip_address }}
+ ansible.builtin.command: set -o pipefail && echo "yes" | /opt/nfast/bin/rfs-sync --setup {{ thales_rfs_server_ip_address }}
 - name: Get keys from rfs server
 ansible.builtin.command: /opt/nfast/bin/rfs-sync --update
diff --git a/tasks/main.yaml b/tasks/main.yaml
index e0ea755..5205370 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -7,6 +7,12 @@
 when: nshield_hsms is not defined and thales_hsm_ip_address is defined
 notify: Legacy vars warning
+- name: Allow deprecated tarball URL variable
+ ansible.builtin.set_fact:
+ security_world_iso_zip_url: "{{ thales_client_tarball_location }}"
+ when: security_world_iso_zip_url is not defined and thales_client_tarball_location is defined
+ notify: legacy vars warning
+
 - name: Include RFS tasks
 ansible.builtin.include_tasks: rfs.yaml
 when: thales_configure_rfs
diff --git a/vars.yaml.sample b/vars.yaml.sample
index 28d7b41..a8f11c6 100644
--- a/vars.yaml.sample
+++ b/vars.yaml.sample
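Review bot: The `pubkey.asc` imported by `ansible.builtin.rpm_key` is extracted from the same downloaded ZIP as the RPMs it is meant to verify, so the GPG check performed by the `Install Security World RPMs` task only proves the archive is self-consistent; the remaining integrity control is the HTTPS transport, because `ansible.builtin.unarchive` with a URL `src` has no checksum option. Pinning the expected key with rpm_key's `fingerprint:` parameter (available only on newer ansible-core, while setup.cfg/README still declare ansible >= 2.4), or fetching with `ansible.builtin.get_url` plus `checksum:` and unarchiving the local file, would anchor trust in something the role controls rather than in the download. Separately, dropping `args: creates: /opt/nfast/kmdata` leaves the `Run installer` shell task with no idempotency guard, so `/opt/nfast/sbin/install` is re-run on every play; if the RPMs now create that path, a marker written by the installer itself should replace it rather than nothing. Minor: `avaliable` → `available` in the unzip task name, and it is worth confirming that `community.general.iso_extract` finds the 7z/xorriso binary it relies on, since only `unzip` is installed here.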
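Review bot: The new `Set up rfs_sync` line is a shell pipeline (`set -o pipefail && echo "yes" | ...`) but the task is still `ansible.builtin.command`, which runs no shell, so `set` is looked up as an executable and the task fails; the `Run installer` task earlier in this file uses `ansible.builtin.shell` for the same pattern. Change the module: `ansible.builtin.shell: set -o pipefail && echo "yes" | /opt/nfast/bin/rfs-sync --setup {{ thales_rfs_server_ip_address }}`. The change also drops `--no-authenticate` and instead answers the interactive prompt with an unconditional yes; whatever that prompt confirms (presumably the RFS identity), auto-accepting it is a trust-on-first-use decision that deserves a comment on the task, and with no `creates`/`changed_when` the setup re-runs on every play.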
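Review bot: `notify: legacy vars warning` on the new set_fact task does not match the handler name `Legacy vars warning` shown as context two lines above; as far as I know handler lookup is an exact string match, so Ansible will report the requested handler as not found instead of emitting the deprecation warning. It should read `notify: Legacy vars warning`. A `set_fact` task always reports changed, which is what makes the notify fire here; a one-line comment such as `# set_fact always reports changed, so the legacy-vars handler fires` would keep someone from adding `changed_when: false` later and silently losing the warning.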
@@ -1,17 +1,11 @@
 ---
-thales_client_working_dir: /tmp/thales_client_install
-thales_client_tarball_location: http://myserver.example.com/CipherTools-linux64-dev-12.40.2.tgz
-thales_client_tarball_name: CipherTools-linux64-dev-12.40.2.tgz
-thales_client_path: linux/libc6_11/amd64/nfast
-thales_client_uid: 42481
-thales_client_gid: 42481
-thales_km_data_location: http://myserver.example.com/kmdata.tar.gz
-thales_km_data_tarball_name: kmdata.tar.gz
-thales_rfs_server_ip_address: 192.168.5.20
+thales_install_client: true
+security_world_iso_zip_url: https://myhost.example.com/SecWorld_Lin64-13.4.4.iso.zip
 nshield_hsms:
 - name: "My HSM 1"
 ip: 192.168.1.1
 - name: "My HSM 2"
 ip: 192.168.1.1
-thales_rfs_user: admin
-thales_rfs_key: RSA Private key in PEM format used to log into RFS server.
+thales_rfs_server_ip_address: 192.168.1.10
+thales_bootstrap_client: 192.168.100.1
+thales_client_ips: 192.168.100.1 192.168.100.2 192.168.100.3