Secure Management

The central building block of indigo is Unified Endpoint Management (UEM). BlackBerry UEM is currently the only UEM officially certified by the BSI for indigo. UEM platforms from Ivanti, Omnissa, Samsung Knox and Relution are in the approval process. ISEC7 supports vendor-neutral UEM selection and migration.

Secure Network

The indigo platform implements the German VSA framework in technology: approved VPN gateways, Public Key Infrastructure (PKI) with certificate management, app blocklists, hardened IT policies on the device. Every component lines up so the path from the iPhone to the data center stays VS-NfD-compliant end to end.

Secure Communication

On an indigo device, users run native iOS features plus a set of approved ecosystem apps for secure voice (ISEC7 Managed Secure Voice), mail, browser, file access and messaging. The user experience stays familiar, classified data never leaves the hardened container.

Frequently Asked Questions about indigo

What is indigo and what is it used for?

indigo (iOS Native Devices in Government Operations) is a security framework defined by the German Federal Office for Information Security (BSI). It allows German public-sector organizations and defense customers to use standard Apple iPhones and iPads to process classified information up to VS-NfD (Restricted) and NATO Restricted. Main users: Federal Police, Bundeswehr, BKA, intelligence services, KRITIS operators. Configured to spec, indigo meets every requirement of the German VSA (Verschlusssachenanweisung).

What does VS-NfD mean?

VS-NfD stands for Verschlusssache, Nur fuer den Dienstgebrauch, a German classification level for restricted official information. Devices and infrastructures handling VS-NfD data must be approved by the BSI. indigo provides the reference architecture and approved component set to use iOS devices within VS-NfD scope: Unified Endpoint Management, VPN gateways, certificate management, ecosystem apps.

Which iOS devices are compatible with indigo?

indigo runs on standard iOS smartphones and iPadOS tablets. No special hardware, no containerized work profiles. Configured to spec, the platform secures native iOS devices for VS-NfD use while keeping the standard Apple user experience.

Which UEM solutions are approved for indigo?

BlackBerry UEM is currently the only UEM certified by the BSI for indigo. UEM platforms from Ivanti, Omnissa, Samsung Knox and Relution are in the approval process. ISEC7 supports customers across all major UEM platforms.

Which organizations use indigo?

indigo is built for German public-sector security organizations (Behoerden und Organisationen mit Sicherheitsaufgaben, BOS): Federal Police, Bundeswehr, BKA, intelligence services, state criminal police offices, state police forces, KRITIS operators and defense industry. Anywhere mobile devices need to process VS-NfD-classified data.

How does ISEC7 support an indigo deployment?

ISEC7 is an indigo integrator and guides public-sector and enterprise customers through the structured build-out or migration of an indigo-compliant platform. Our consultants assess current state, document the required VSA-aligned changes and support architecture, implementation, process definition and operations. ISEC7 is headquartered in Hamburg, in the market since 2003, and works with German employees for German public-sector customers.

What role does ISEC7 SPHERE play in an indigo deployment?

ISEC7 SPHERE monitors an indigo infrastructure against the VSA and SecOps requirements: IT policies, certificates, VPN, ecosystem apps, blocklisted apps, Apple DEP status, OS versioning. Real-time indigo compliance, configurable notification paths to the integration partner, CISO or optional BSI. Software Made in Germany.

How does indigo fit NIS2 and KRITIS?

For KRITIS operators and companies in scope of NIS2, indigo provides documented protection of mobile endpoints up to VS-NfD. Combined with ISEC7 SPHERE, the setup produces an auditable compliance record.