Security & scan safety

The boundary is proven before deeper access is asked.

See exactly how QScout separates the consented public-surface scan from governed, operator-led assessment depth — with signed evidence at every step.

Open Trust Center Request a review

In plain terms: QScout is a consented, non-penetrative scanner. It checks your public web, TLS, DNS and certificate surfacefor quantum-exposed cryptography — and only crosses into deeper, credentialed assessment after you approve the scope.

Frameworks mapped and Zoho Corporation-held inherited controls

NIST mapped FIPS 203/204/205 mapped Zoho SOC 2 inherited Zoho ISO 27001 inherited CMMC preparation

boundary state · governed & signedENFORCED

The signal crosses the consent boundary only after authorization — then every artifact is governed and ML-DSA signed (NIST FIPS 204 post-quantum signature).

consent gatenon-penetrativegovernedML-DSA signed

Ecosystem contextIBM QuantumIonQQuantinuumRigetti

These are the quantum-computing platforms our threat model and validation work calibrate against — not customer references.

Consent before checks

QScout Free starts only after requester authorization and business-email verification. The website snapshot is capped at the submitted domain and any verified same-domain public hosts.

No penetration in Free

The browser path runs public HTTP, TLS, DNS, certificate, email-crypto, and observable exposure checks. It does not exploit, authenticate, enumerate private assets, or behave like Surface.

Artifacts stay governed

Raw findings, cryptographic bill-of-materials (CBOM) output, signed bundles, and privileged evidence stay in operator-led scoped assessment lanes after buyer approval.

Procurement is controlled

Contact/ticket intake starts governed procurement after scope alignment; legacy Marketplace routes are not a self-serve scan catalog or public rate card.

Assessment boundary

Five QScout paths, one authorization rule.

QScout Free stays browser-safe and capped. Surface, Silver, and Gold add all-domain public validation, credentials, and privileged evidence only when approved; QScout Pulse keeps the baseline current afterward.

QScout Free

24 public-surface modules across up to 10 total authorized same-domain public hosts.

QScout Surface

All approved public domains and exposed assets, using consented unauthenticated external validation to check locks, doors, services, panels, cryptographic controls, and paths an outsider could use before credentials are introduced.

QScout Silver

Surface plus approved credentials through application, source, build, dependency, authenticated workflow, and integration evidence.

QScout Gold

Silver plus approved privileged infrastructure, runtime, telemetry, CBOM, cryptographic inventory, and governed evidence packaging.

QScout Pulse

Continuous cryptographic risk intelligence after a governed QScout baseline: scheduled reassessment, event-triggered updates, drift reporting, and exposure-regression monitoring.