Post-Quantum Cryptography (PQC) Readiness

Roadmap & Inventory

Inventory algorithms (TLS, data-at-rest, app crypto) and their libraries. Identify long-lived data that must remain confidential for 10+ years (harvest-now, decrypt-later threat).

Adopt hybrid key exchange/signatures as vendors support them; design crypto agility into services.

  • Track usage of RSA/ECC in SBOMs; map libraries (OpenSSL, BoringSSL, Tink).
  • Pilot NIST selections (e.g., Kyber for KEM, Dilithium for signatures) as vendors stabilize.
  • Prefer abstraction via KMS to reduce app-level changes.
Figure: migration stages Classic → Hybrid → PQC. Plan migration path: inventory → hybrid → full PQC.
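
An added example (not from the original page) of the inventory step: it reads a constructed, simplified CycloneDX-style SBOM, places each cryptographic asset on the classical → hybrid → PQC path by name, and flags classical assets that protect data kept for 10+ years. The `retention_years` property, the asset names and the `bom-ref` values are assumptions made for the illustration.

```python
import json

# Constructed sample: a trimmed CycloneDX-style SBOM. "retention_years" is a
# hypothetical property used here to tag how long the protected data must stay secret.
SBOM = json.loads("""
{"components": [
 {"type": "library", "name": "openssl"},
 {"type": "cryptographic-asset", "name": "RSA-2048", "bom-ref": "billing-db-wrap",
  "properties": [{"name": "retention_years", "value": "15"}]},
 {"type": "cryptographic-asset", "name": "ECDH-P256", "bom-ref": "edge-tls",
  "properties": [{"name": "retention_years", "value": "1"}]},
 {"type": "cryptographic-asset", "name": "X25519Kyber768", "bom-ref": "api-tls"},
 {"type": "cryptographic-asset", "name": "Dilithium3", "bom-ref": "fw-signing"},
 {"type": "cryptographic-asset", "name": "AES-256-GCM", "bom-ref": "disk"}
]}
""")

CLASSICAL = ("RSA", "ECDSA", "ECDH", "DSA", "DH", "X25519", "ED25519")
PQC = ("KYBER", "DILITHIUM", "ML-KEM", "ML-DSA")
HNDL_YEARS = 10  # the page's threshold for harvest-now, decrypt-later exposure

def stage(name):
    """Classify by name match; crude, but enough to triage an inventory."""
    n = name.upper()
    has_pqc = any(p in n for p in PQC)
    for p in PQC:  # drop PQC tokens so "ML-DSA" is not read as classical "DSA"
        n = n.replace(p, "")
    has_classical = any(c in n for c in CLASSICAL)
    if has_pqc:
        return "hybrid" if has_classical else "pqc"
    return "classical" if has_classical else "symmetric-or-unknown"

def retention(component):
    for prop in component.get("properties", []):
        if prop["name"] == "retention_years":
            return int(prop["value"])
    return 0  # untagged assets are treated as short-lived

def inventory(sbom):
    """Return (bom-ref, algorithm, stage, migrate_first) per crypto asset."""
    rows = []
    for c in sbom["components"]:
        if c.get("type") != "cryptographic-asset":
            continue
        s = stage(c["name"])
        rows.append((c["bom-ref"], c["name"], s,
                     s == "classical" and retention(c) >= HNDL_YEARS))
    return rows

if __name__ == "__main__":
    for row in inventory(SBOM):
        print(*row, sep="\t")
```
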