Skip to main content
This page separates public design claims, implementation status, production status, and external validation status. The matrix is intended for enterprise customers, security auditors, procurement teams, and technical partners. It is not a release tracker, internal roadmap, operational runbook, or certification scope statement.

Overview

Enigm documentation describes current architecture, product behavior, target hardening layers, and governance controls. All Enigm products listed in this page are documented as implemented production products or production capabilities unless explicitly identified as a target signing architecture or scoped deployment model.

Status Definitions

  • Designed: The architecture and expected behavior are documented.
  • Implemented: The capability exists in product or platform implementation.
  • In Production: The capability is used in production service or product workflows.
  • Selected User Pool: The capability is available in production to a limited group of selected users.
  • Planned: The capability is documented as a future or target hardening layer.
  • Independently Assessed: Independent assessment evidence exists.
  • Private Assessment Available Under NDA: Assessment evidence exists but is not published publicly.

Component Status Matrix

ComponentDesignedImplementedProduction StatusExternal ValidationNotes
Enigm App secure messagingDesignedImplementedIn ProductionPrivate assessment available under NDAEnd-to-end encryption and protected content lifecycle model are documented.
Secure callsDesignedImplementedIn ProductionPrivate assessment available under NDASecure session establishment, protected key material, and device trust requirements are documented.
Key managementDesignedImplementedIn ProductionPrivate cryptographic assessment available under NDADevice-generated keys, protected storage, hardware-backed protection, and recovery boundaries are documented.
Multi-device workflowsDesignedImplementedIn ProductionPrivate assessment available under NDAExplicit trust establishment, revocation, and replacement workflows are documented.
Active DefenseDesignedImplementedIn Production for selected user poolPrivate assessment available under NDAAI-assisted network-behavior malware-risk assessment is documented without exposing detection logic.
VPN ServiceDesignedImplementedIn ProductionPrivate infrastructure assessment available under NDAOptional transport privacy layer separate from end-to-end encryption.
Proxy NetworkDesignedImplementedIn ProductionPrivate infrastructure assessment available under NDATraffic separation and metadata-reduction layer documented at a high level.
Enigm CommandDesignedImplementedIn ProductionPrivate assessment available under NDAAccount, device, product lifecycle, Enigm Server, Enigm eSIM, Enigm Key, and administrative workflows are documented.
Enigm ServerDesignedImplementedIn ProductionPrivate infrastructure assessment available under NDADedicated private messaging environment with administrative boundaries and encrypted content lifecycle controls.
Enigm eSIMDesignedImplementedIn ProductionPrivate assessment available under NDAIdentity-minimizing data-only connectivity lifecycle managed through Enigm Command.
Enigm KeyDesignedImplementedIn ProductionPrivate assessment available under NDAEmergency hardware workflow, event-bound location sharing, and device authentication are documented.
Enigm OSDesignedImplementedIn ProductionPrivate mobile and device assessment available under NDASecure OS architecture, Trust Security Center, network policy, setup, launcher, privacy mode, and device management are documented.
Trust Security CenterDesignedImplementedIn ProductionPrivate mobile and device assessment available under NDALocal trust evaluation states and findings model are documented.
OTA ArchitectureDesignedImplementedIn ProductionPrivate assessment available under NDAOTA security, release lifecycle, client verification, and eligibility controls are documented.
Remote AttestationDesignedImplementedIn ProductionPrivate assessment available under NDADocumented as an additional eligibility signal and production hardening layer.
Hardware-backed OTA manifest signingDesignedImplementedIn ProductionPrivate assessment available under NDACurrent production OTA manifest signing authority is documented separately from target release signing.
Target HSM release signingDesignedPlannedPlanned hardening layerNot publicly assessedTarget production release-signing authority is documented as separate from current manifest signing.
Enigm IntelligenceDesignedImplementedIn ProductionPrivate assessment available under NDADetection, correlation, risk, and defensive response models are documented without exposing rules or playbooks.
EnyraDesignedImplementedIn ProductionPrivate assessment available under NDAConversational security analyst layer operates on Enigm Intelligence context.
Secure SDLCDesignedImplementedIn ProductionISO 27001 governance evidence availableSecure development, vulnerability management, release security, and continuous validation are documented.
ISO 27001 governanceDesignedImplementedIn ProductionIndependently AssessedISO/IEC 27001:2022 certification is published in Security Assurance.

External Validation

External validation is separated into public evidence and private evidence. Current public validation evidence includes ISO/IEC 27001:2022 certification for the documented certified scope. Enigm also maintains private assessment evidence that can be requested through enterprise security review under NDA. Private evidence includes cryptographic assessment, penetration testing, mobile application assessment, infrastructure assessment, and broader security review materials. Private assessment evidence is not published in public documentation because it can contain sensitive findings, scope details, remediation history, or security-relevant implementation information.

Limitations

This matrix is a public documentation aid. Limitations include:
  • It does not replace release notes.
  • It does not replace contractual commitments.
  • It does not expose internal implementation status.
  • It does not imply that every feature is available to every user account or deployment policy.
  • It does not expand ISO 27001 certification scope beyond the certified scope.
  • It distinguishes public assessment evidence from private assessment evidence available under NDA.