Any CSP is needed not only to generate certificates for the entire organization. For example, for the operation of the CIPF Continent AP - for each subscriber station from which the connection is made, either a proprietary CSP (Security Code) or Crypto Pro (the choice depends mainly on certification) is required.
For example, you have 9 clients that "tunnel" to the server and 1 server on which you generate certificates. In order to be certified by the FSB, such a scheme will require 9 Crypto Pro on each of the clients and 1 on the server.

If you use CryptoPro CSP as a certified CIPF, it is important that it be installed from a reference storage medium with a form.
If you have all the distributions the same, this is generally superfluous, but on the other hand, the CryptoPro distribution kit with the form costs about 500 rubles and it is possible that you decided to take full kits for convenience when purchasing.

The distribution kit is needed only in order for your version of the CIPF to be documented as STANDARD, which is required only in 2 cases: 1. You have a CA and you generate keys. 2. You generate keys using the "temporary access token" method. And so you can not pay for it at all and use the version from the site. The main thing is that there are enough licenses, although crypto-Pra is well placed on dofiga machines with one serial number, until the check comes, which is unlikely ...

In some cases, when attesting for information protection, distribution kits are required for each station (depending on the commission). And in the general case, one distribution kit per organization is enough.