SPYRUS En-Sign v220.127.116.11
Strengths: Complete, feature-rich offering at the desktop, with FIPS compliance.
Weaknesses: Centralized management, logging, reporting.
Verdict: Great product, nice price; only lacks enterprise management. We choose this as our Recommended product of the month.
SummaryEn-Sign v18.104.22.168 from Spyrus provides an easy-to-use interface for managing security devices and digital certificates. En-Sign software supports Rosetta Series II smart card and USB devices and the U.S. Department of Defense Common Access Card (CAC).
We loaded the En-Sign software on our local XP end-user machine. Currently the product does not support AD integration. En-Sign software manages devices and policies on the local machine. However, policies can be managed centrally through Group Policy. Enterprise deployments can be accomplished by pushing out the software through Windows installer files (msi).
En-Sign had three main components: configuration console, policy console and mapping utility. The configuration console managed security devices and the configuration of keys on those devices. The policy console managed the policies associated with the various devices. The mapping utility is used to manage the connections between the computer and the security devices to which it is connected.
We liked the interface for managing the security devices. It was easy to use and very intuitive. The performance of the cards was great. We also liked the feature-rich capability of the offering. The solution had the ability to provide two-factor authentication, store multiple PFX or P12 certificates, and store certificates for encrypting and digitally signing emails. The product also carries FIPS Level 2 and Level 3 compliance.
We did find native reporting and logging functions to be light. That being said, the application also relies on Microsoft Certification Authority (CA) for storage using its Certificate Store. The enterprise Microsoft CA generally provides central certificate lifecycle management.
Basic support is included for 90 days on an eight hours a day/five days a week phone/email basis. Support after the 90-day period must be purchased as an option. The documentation was complete and accurate and was very helpful in support of our policy console testing.