Evidence signature
Public signals bind to governed proof.
No customer data.
QScout proof sequence. Evidence Handshake. public-to-private proof path. No customer data.
NIST published post-quantum cryptography standards in August 2024. CNSA 2.0 requires adoption for National Security Systems by 2030. Where does your organization stand? These 10 questions will tell you.
PQC readiness is not a future concern — it is a current operational requirement. The combination of Harvest Now, Decrypt Later threats, finalized NIST standards, and building regulatory pressure means that organizations without a clear PQC posture are accumulating unmeasured risk.
The standards are published: FIPS 203 (ML-KEM for key encapsulation), FIPS 204 (ML-DSA for digital signatures), and FIPS 205 (SLH-DSA for hash-based signatures) were all finalized by NIST in August 2024. CNSA 2.0 sets the compliance timeline. NIST IR 8547 (November 2024) provides the formal deprecation roadmap for classical algorithms.
The question is no longer “should we migrate?” but “how far along are we?” This self-assessment framework helps you answer that honestly.
For each question, honestly assess whether your organization is in the “ready” or “not ready” state. Count your total to gauge your PQC readiness level.
A Cryptographic Bill of Materials (CBOM) catalogs every algorithm, key length, protocol, and library in your infrastructure. Without it, you cannot assess what is vulnerable. This includes TLS endpoints, VPNs, databases, APIs, code signing certificates, key management systems, and third-party SaaS integrations.
You have a maintained, comprehensive CBOM covering all systems.
You do not know exactly which algorithms are in use across your infrastructure.
RSA (all key sizes), ECDH, ECDSA, Ed25519, X25519, DH, and DSA are all vulnerable to Shor's algorithm. AES-128 and SHA-256 have reduced security margins under Grover's algorithm. You need to know exactly where each of these appears in your stack.
You can list every quantum-vulnerable algorithm and where it is deployed.
You are unsure which of your systems use RSA, ECDH, or other quantum-vulnerable algorithms.
The Harvest Now, Decrypt Later (HNDL) threat means data encrypted today with quantum-vulnerable algorithms can be decrypted once quantum computers mature. Data that must remain confidential for 10+ years (healthcare records, trade secrets, government data) is at immediate risk. Short-lived data (session tokens, ephemeral keys) has lower urgency.
You have classified data assets by required confidentiality period and mapped them to encryption methods.
You have not evaluated which data assets have long confidentiality requirements.
Cryptographic agility means the ability to change algorithms without redesigning systems. Can your TLS stack swap from X25519 to ML-KEM-768 through configuration? Can your code signing switch from ECDSA to ML-DSA? Hardcoded algorithms in firmware, embedded systems, or legacy applications are the highest migration risk.
Your systems support algorithm negotiation and can be reconfigured without code changes.
Algorithms are hardcoded in application logic, firmware, or vendor-locked systems.
Hybrid cryptography combines a classical algorithm with a PQC algorithm (e.g., X25519+ML-KEM-768 for TLS key exchange). This provides quantum safety while maintaining backward compatibility. NIST and industry consensus recommend hybrid mode during the transition period. Testing validates performance impact and compatibility.
You have tested hybrid TLS or hybrid encryption in staging/development environments.
You have not deployed or tested any PQC or hybrid cryptographic configurations.
NSA CNSA 2.0 sets phased expectations for National Security Systems, and NSM-10 plus OMB guidance direct federal inventory and migration planning. Even outside those regimes, customer and vendor transition horizons make a dated migration plan important. Your timeline should have milestones for inventory, pilot, production rollout, and validation.
You have a documented migration timeline with milestones and assigned ownership.
You do not have a migration timeline, or it is not aligned with regulatory and customer transition horizons.
Your quantum readiness is limited by your weakest vendor. Cloud providers, SaaS platforms, certificate authorities, VPN vendors, HSM manufacturers, and database vendors each have their own PQC timelines. If a critical vendor has no PQC roadmap, that is a gap in your migration plan.
You have received PQC roadmap commitments from all critical infrastructure vendors.
You have not asked vendors about PQC support or have received no commitments.
FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) are the foundational PQC standards. Your security team should understand which algorithms replace which (ML-KEM replaces RSA/ECDH for key exchange, ML-DSA replaces RSA/ECDSA for signatures), the performance characteristics (ML-KEM is fast but has larger keys; ML-DSA has larger signatures), and the parameter levels (512, 768, 1024 for ML-KEM).
Your security and engineering teams have been trained on NIST PQC standards and can make informed algorithm selection decisions.
Your team has limited awareness of PQC algorithms or how they differ from classical cryptography.
CISOs need a quantified metric to communicate quantum risk to non-technical stakeholders. A Cryptographic Debt score — a composite of algorithm vulnerability, data sensitivity, compliance proximity, and migration progress — provides a trackable number that boards can understand and compare across reporting periods.
You report a quantified quantum risk metric to leadership on a regular cadence.
Quantum risk is discussed qualitatively, if at all, with no measurable tracking.
Deploying PQC algorithms is necessary but not sufficient. Implementation flaws — incorrect parameter selection, side-channel leaks, fallback to classical-only, interoperability failures — can undermine quantum safety. Adversarial testing validates governed quantum-risk scenarios against your migrated infrastructure to verify resilience under realistic conditions.
You have conducted quantum adversarial testing (e.g., QStrike) against PQC-migrated systems.
You have not tested PQC implementations under adversarial conditions.
8-10 Ready
Advanced
Your organization is well-positioned for the PQC transition. Focus on adversarial validation and continuous monitoring.
5-7 Ready
Progressing
Solid foundation with gaps to close. Prioritize the areas where you answered "not ready" and set 90-day milestones.
2-4 Ready
Early Stage
Significant work ahead. Start with cryptographic inventory and a QScout Free discovery to establish your baseline.
0-1 Ready
Not Started
Immediate action needed. Your organization is accumulating quantum risk without measurement or mitigation.
Every organization, regardless of current readiness level, benefits from three immediate actions:
Start with a QScout Free discovery to get an objective baseline of your quantum security posture. For a full enterprise assessment, our QScout methodology covers every cryptographic surface.