Post-Quantum Cryptography
Readiness Checklist
12-step framework for quantum-safe migration aligned with NIST FIPS 203/204/205, NSA CNSA 2.0, and sector-specific compliance mandates.
Executive Summary
Quantum computers capable of breaking RSA, ECC, and Diffie-Hellman encryption are projected to emerge between 2028 and 2035. The threat is not theoretical. Adversaries are executing Harvest Now, Decrypt Later (HNDL) attacks today, capturing encrypted data for future quantum decryption.
NIST finalized the first three post-quantum cryptography standards in August 2024: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). The standards are done. Implementation must begin now.
This checklist synthesizes guidance from NIST, NSA, CISA, and sector-specific regulators into an actionable framework with timeline pressure, algorithm decision criteria, and maturity measurement.
The Mosca Inequality
Why 2026 is already late for many organizations:
Y = time to migrate
Z = time until quantum threat
Regulatory Timeline
Multiple regulators have issued quantum cryptography requirements. These hard dates should anchor your roadmap.
| Date | Authority | Requirement |
|---|---|---|
| Aug 2024 | NIST | FIPS 203, 204, 205 finalized. PQC standards official. |
| 2025 | OCC / FFIEC | Banks must inventory quantum-vulnerable cryptography. |
| 2025 | PCI DSS 4.0 | Crypto-agility requirements for payment card data. |
| 2027 | OMB M-23-02 | Federal agencies must complete crypto inventory. |
| 2030 | NSA CNSA 2.0 | NSS software must use PQC algorithms. |
| 2033 | NSA CNSA 2.0 | NSS firmware/hardware must use PQC algorithms. |
| 2035 | NSA CNSA 2.0 | Full quantum resistance required for all NSS. |
Financial Services
OCC Bulletin 2024-18, FFIEC crypto-agility, SOX audit committees
Healthcare
HIPAA Security Rule, lifetime PHI retention, OCR enforcement
Government/Defense
FedRAMP PQC tracking, CMMC 2.0, CNSA 2.0 timelines
Critical Infrastructure
NERC CIP evolution, ICS/SCADA long upgrade cycles
Algorithm Selection Guide
NIST has standardized three algorithms. Each serves different use cases with distinct tradeoffs.
ML-KEM (Kyber)
FIPS 203. Default for TLS, VPN, and encrypted communications. Smaller ciphertext than alternatives. Best general-purpose choice.
ML-DSA (Dilithium)
FIPS 204. Default for code signing, certificates, and authentication. Fast signing and verification. Larger keys than classical schemes.
SLH-DSA (SPHINCS+)
FIPS 205. Conservative choice when lattice assumptions concern you. Hash-based security is well understood. Large signatures, but a proven foundation.
FN-DSA (Falcon)
Draft 2025. Smallest signatures of the lattice schemes. Requires careful implementation to avoid side-channel attacks. Wait for NIST finalization.
Implementation Note: Most organizations should start with ML-KEM for key exchange and ML-DSA for signatures. SLH-DSA serves as a fallback if future cryptanalysis weakens lattice-based schemes. Hybrid deployments (classical + PQC in parallel) provide defense-in-depth during transition.
The 12-Step PQC Readiness Checklist
A phased approach from foundation through sustainment, with clear deliverables and maturity indicators.
Phase 1: Foundation
Months 1-3
Establish Governance and Executive Sponsorship
Form a cross-functional quantum readiness team with C-suite sponsorship. Assign board-level or CISO ownership. Integrate quantum risk into existing enterprise risk management frameworks.
Quantum Risk Governance Charter with named accountable executive
Executive receives quarterly quantum risk briefings
Conduct Cryptographic Discovery and Inventory
Deploy automated scanning tools to identify all cryptographic implementations across applications, infrastructure, and third-party dependencies. Build a Cryptographic Bill of Materials (CBOM).
Complete CBOM with quantum vulnerability classification
95%+ coverage of enterprise systems in inventory
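The discovery step above produces a CBOM only if the scanner output is classified consistently. The following is an added example (not the page's or any vendor's tool) of the classification logic: it reads constructed scanner lines of the form `<asset> <protocol> <algorithm-or-suite>`, tags each finding as quantum-vulnerable, PQC, hybrid, or symmetric/hash, lists the assets that need migration, and checks inventory coverage against an asset register. The line format, the sample findings, and the asset register are assumptions made for this example.

```python
"""Minimal cryptographic inventory (CBOM) classifier (added example).

Reads constructed scanner output lines of the form
    <asset> <protocol> <algorithm-or-suite>
tags each finding with its quantum-vulnerability class, and checks the
inventory's coverage against an asset register. The line format and the
sample findings are assumptions, not the output format of any real tool.
"""
import re
from collections import Counter


def normalize(algorithm: str) -> str:
    """Upper-case and turn _ - / separators into spaces so patterns stay simple."""
    return re.sub(r"[_\-/]", " ", algorithm.upper())


# NIST PQC names (and their pre-standard names) that a suite may contain.
PQC_RE = re.compile(r"ML ?KEM|ML ?DSA|SLH ?DSA|FN ?DSA|KYBER|DILITHIUM|SPHINCS|FALCON")
# Public-key primitives broken by Shor's algorithm.
VULN_RE = re.compile(
    r"RSA|ECDHE?|ECDSA|X25519|X448|ED25519|ED448|MODP|\bDHE?\b|\bDSA\b|SECP\d+|\bP ?(256|384|521)\b")
# Symmetric ciphers and hashes: not broken by Shor, key length still worth reviewing.
SYM_RE = re.compile(r"AES|CHACHA|SHA\d|HMAC|GCM")


def classify(algorithm: str) -> str:
    """Return hybrid | pqc | quantum-vulnerable | symmetric-or-hash | unclassified."""
    text = normalize(algorithm)
    has_pqc = bool(PQC_RE.search(text))
    # Strip PQC tokens first so "ML DSA" does not trip the classical DSA pattern.
    has_vuln = bool(VULN_RE.search(PQC_RE.sub(" ", text)))
    if has_pqc and has_vuln:
        return "hybrid"            # e.g. X25519MLKEM768: classical + PQC in parallel
    if has_pqc:
        return "pqc"
    if has_vuln:
        return "quantum-vulnerable"
    if SYM_RE.search(text):
        return "symmetric-or-hash"
    return "unclassified"


def parse_findings(text: str) -> list:
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        asset, protocol, algorithm = line.split(maxsplit=2)
        findings.append({"asset": asset, "protocol": protocol,
                         "algorithm": algorithm, "class": classify(algorithm)})
    return findings


def summarize(findings: list) -> Counter:
    return Counter(f["class"] for f in findings)


def vulnerable_assets(findings: list) -> list:
    """Assets with at least one quantum-vulnerable finding, for migration priority."""
    return sorted({f["asset"] for f in findings if f["class"] == "quantum-vulnerable"})


def inventory_coverage(findings: list, asset_register: set) -> float:
    """Fraction of registered assets that the scan actually reached."""
    scanned = {f["asset"] for f in findings} & asset_register
    return len(scanned) / len(asset_register)


def meets_coverage_target(findings: list, asset_register: set, target: float = 0.95) -> bool:
    return inventory_coverage(findings, asset_register) >= target


# Constructed sample scanner output and asset register (illustrative only).
SAMPLE_FINDINGS = """\
web-01 tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
web-01 x509 sha256WithRSAEncryption
api-gw tls X25519MLKEM768
vpn-01 ike modp2048
codesign-01 signature ML-DSA-65
backup-01 storage AES-256-GCM
legacy-hsm firmware-sig ecdsa-p256
"""
ASSET_REGISTER = {"web-01", "api-gw", "vpn-01", "codesign-01",
                  "backup-01", "legacy-hsm", "printer-07", "kiosk-02"}

if __name__ == "__main__":
    findings = parse_findings(SAMPLE_FINDINGS)
    for f in findings:
        print(f"{f['asset']:12} {f['protocol']:13} {f['class']:19} {f['algorithm']}")
    print("summary:", dict(summarize(findings)))
    print("migrate first:", vulnerable_assets(findings))
    print(f"coverage: {inventory_coverage(findings, ASSET_REGISTER):.0%}",
          "(meets 95% target)" if meets_coverage_target(findings, ASSET_REGISTER) else "(below 95% target)")
```

Two assets in the register never appear in the scan, so coverage is 75% and the 95%+ indicator is not met; that gap is exactly what the inventory step is meant to surface before the HNDL assessment relies on it.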
Assess HNDL Exposure and Data Classification
Calculate your Mosca Inequality for each data category. Identify data with secrecy requirements exceeding the quantum threat timeline. Prioritize M&A records, litigation holds, healthcare PHI, and financial archives.
HNDL exposure matrix with risk-ranked data categories
Board-approved prioritization of crown jewel data
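The Mosca Inequality section above defines Y (time to migrate) and Z (time until the quantum threat), and this step asks for it to be computed per data category. The following is an added example, not part of the original page, that carries the calculation through using the standard Mosca formulation X + Y > Z, where X is the data's required secrecy lifetime (a term the page does not define). The data categories, their shelf lives and migration times are constructed for illustration; Z is measured from 2026, so 2 years for a 2028 arrival and 9 years for 2035.

```python
"""Worked Mosca-inequality check per data category (added example).

Standard Mosca formulation X + Y > Z (X added here; the page defines Y and Z):
  X = shelf life of the data, in years it must remain confidential
  Y = time to migrate the systems that protect it
  Z = time until a cryptographically relevant quantum computer exists
If X + Y > Z, the data is already exposed to Harvest Now, Decrypt Later:
it will be decryptable before the migration finishes protecting it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataCategory:
    name: str
    shelf_life_years: float   # X
    migration_years: float    # Y


def years_of_slack(shelf_life_years: float, migration_years: float,
                   years_to_threat: float) -> float:
    """Z - (X + Y). Negative means the inequality is already violated."""
    return years_to_threat - (shelf_life_years + migration_years)


def mosca_exposed(shelf_life_years: float, migration_years: float,
                  years_to_threat: float) -> bool:
    """True when X + Y > Z: migration cannot finish before the data is at risk."""
    return years_of_slack(shelf_life_years, migration_years, years_to_threat) < 0


def hndl_exposure_matrix(categories, years_to_threat: float) -> list:
    """Risk-ranked rows (name, slack_years, exposed), most urgent first."""
    rows = [
        (c.name,
         years_of_slack(c.shelf_life_years, c.migration_years, years_to_threat),
         mosca_exposed(c.shelf_life_years, c.migration_years, years_to_threat))
        for c in categories
    ]
    rows.sort(key=lambda r: r[1])   # most negative slack = highest priority
    return rows


# Constructed sample categories; shelf lives and migration times are illustrative.
SAMPLE_CATEGORIES = [
    DataCategory("Healthcare PHI (lifetime retention)", shelf_life_years=50, migration_years=4),
    DataCategory("M&A deal records", shelf_life_years=10, migration_years=3),
    DataCategory("Litigation hold archives", shelf_life_years=7, migration_years=3),
    DataCategory("Public web session logs", shelf_life_years=1, migration_years=2),
]

if __name__ == "__main__":
    # Z measured from 2026: 2 years for a 2028 arrival, 9 years for 2035.
    for z in (2, 9):
        print(f"\nZ = {z} years until quantum threat")
        for name, slack, exposed in hndl_exposure_matrix(SAMPLE_CATEGORIES, z):
            flag = "EXPOSED" if exposed else "ok"
            print(f"  {flag:8} slack={slack:+5.1f}y  {name}")
```

Even with the optimistic Z of 9 years, three of the four sample categories are already exposed; only short-lived data has any slack, which is why the step asks for the calculation per category rather than one figure for the enterprise.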
Phase 2: Planning
Months 4-9
Develop Migration Roadmap with Regulatory Alignment
Create a phased migration plan working backward from regulatory deadlines. Map CNSA 2.0 dates for government work. Align with sector-specific requirements (OCC, PCI, HIPAA).
Board-approved PQC migration roadmap with budget
Roadmap milestones incorporated into IT strategic plan
Evaluate and Select PQC Algorithms
Assess NIST-standardized algorithms against your use cases. Test ML-KEM for key exchange, ML-DSA for signatures. Evaluate performance impact on latency-sensitive applications.
Algorithm selection matrix with performance benchmarks
Lab testing completed on candidate algorithms
Design Crypto-Agility Architecture
Architect systems for algorithm flexibility. Implement abstraction layers that allow cryptographic modules to be swapped without application changes. Design for negotiable cipher suites.
Crypto-agility architecture specification
Reference implementation in development environment
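As an added example of the abstraction layer this step calls for (not code from the page or any project), the block below keeps key-exchange suites in a registry that policy can extend, reorder, or deprecate without changing application code, negotiates a suite from a client offer and a server preference list, and derives a session key with a hybrid combiner that concatenates the classical and PQC shared secrets and runs them through HKDF (RFC 5869). The same combiner idea underlies the hybrid cipher suites deployed in the later data-in-transit steps. Suite names, priorities, the combiner labels, and the stand-in shared secrets are assumptions for this example; the KEM operations themselves are outside the block.

```python
"""Crypto-agility layer with negotiable suites and a hybrid combiner (added example).

Application code asks for "a key-exchange suite" and "a session key"; it never
names an algorithm. Suites live in a registry that can be extended, preferred,
or deprecated by policy without changing callers. Suite names, priorities and
the combiner's labels are assumptions for this example, not a standard's
definitions; the HKDF functions follow RFC 5869.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    name: str
    components: tuple          # key-exchange primitives combined in this suite
    quantum_safe: bool         # True if at least one component is a PQC KEM
    deprecated: bool = False   # policy switch: never negotiate when True


REGISTRY: dict = {}


def register(suite: Suite) -> None:
    REGISTRY[suite.name] = suite


def deprecate(name: str) -> None:
    """Retire a suite by policy; callers of negotiate() need no change."""
    s = REGISTRY[name]
    REGISTRY[name] = Suite(s.name, s.components, s.quantum_safe, deprecated=True)


# Constructed registry: a hybrid suite, a PQC-only suite, and classical ones.
register(Suite("X25519MLKEM768", ("X25519", "ML-KEM-768"), quantum_safe=True))
register(Suite("MLKEM768", ("ML-KEM-768",), quantum_safe=True))
register(Suite("X25519", ("X25519",), quantum_safe=False))
register(Suite("FFDHE2048", ("DH-2048",), quantum_safe=False, deprecated=True))


def negotiate(client_offer, server_preference, require_quantum_safe: bool = False):
    """Pick the first server-preferred suite that the client also offers.

    `require_quantum_safe` is the migration lever: False allows classical
    fallback during transition, True enforces PQC-only after cutover.
    """
    offered = set(client_offer)
    for name in server_preference:
        suite = REGISTRY.get(name)
        if suite is None or suite.deprecated or name not in offered:
            continue
        if require_quantum_safe and not suite.quantum_safe:
            continue
        return suite
    return None


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(suite: Suite, shared_secrets, transcript_hash: bytes,
                       length: int = 32) -> bytes:
    """Hybrid combiner: concatenate every component's shared secret, then HKDF.

    The session key stays secret as long as any one component is unbroken,
    which is the defense-in-depth argument for hybrid deployment.
    """
    if len(shared_secrets) != len(suite.components):
        raise ValueError("one shared secret per suite component is required")
    ikm = b"".join(shared_secrets)
    prk = hkdf_extract(b"\x00" * 32, ikm)
    info = b"hybrid-session-key:" + suite.name.encode() + b":" + transcript_hash
    return hkdf_expand(prk, info, length)


if __name__ == "__main__":
    chosen = negotiate(["X25519", "X25519MLKEM768"], ["X25519MLKEM768", "MLKEM768", "X25519"])
    print("negotiated:", chosen.name, chosen.components)
    # Constructed stand-ins for the X25519 and ML-KEM-768 shared secrets.
    ss = [bytes(32), bytes(range(32))]
    key = derive_session_key(chosen, ss, hashlib.sha256(b"transcript").digest())
    print("session key:", key.hex())
```

Deprecating `X25519` or flipping `require_quantum_safe` changes what gets negotiated without touching any caller, which is the property an annual crypto-agility drill should exercise.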
Engage Vendors and Supply Chain
Survey all vendors on their PQC roadmaps. Obtain written timelines for when products will support NIST standards. Update procurement requirements to mandate PQC readiness.
Vendor PQC readiness assessment with risk ratings
PQC requirements in new contract language
Phase 3: Implementation
Months 10-36
Execute Pilot Deployments
Deploy PQC in non-production environments first. Test hybrid TLS configurations. Validate certificate chain handling with PQC signatures. Measure performance overhead.
Pilot deployment report with performance metrics
Successful hybrid TLS handshakes in test environment
Migrate Data-in-Transit
Upgrade TLS implementations to support ML-KEM key exchange. Deploy hybrid cipher suites that combine classical and post-quantum algorithms. Prioritize external-facing endpoints.
Production TLS upgrade completion report
100% of external endpoints support PQC cipher suites
Migrate Data-at-Rest and Re-encrypt Archives
Address the HNDL backlog. Re-encrypt high-value archived data with quantum-resistant algorithms. Update key management systems. Rotate certificates to PQC-signed versions.
Data-at-rest migration completion with exceptions documented
Crown jewel data protected with PQC algorithms
Phase 4: Sustainment
Ongoing
Validate and Audit Completion
Conduct a post-migration audit to verify that all identified vulnerabilities have been addressed. Perform penetration testing against PQC implementations. Validate compliance with applicable regulations.
Independent audit report confirming PQC implementation
Clean audit findings on cryptographic controls
Establish Continuous Monitoring and Evolution
Institute continuous monitoring of NIST announcements, cryptanalysis research, and quantum computing progress. Keep CBOM current. Drill crypto-agility procedures annually.
Crypto monitoring program with defined triggers for action
Annual crypto-agility drill completed successfully
PQC Readiness Maturity Model
Score each dimension 1-5 to assess your current state and track progress.
| Dimension | 1 - Initial | 2 - Aware | 3 - Planned | 4 - Active | 5 - Optimized |
|---|---|---|---|---|---|
| Governance | No ownership | CISO aware | Charter approved | Board reporting | Integrated ERM |
| Inventory | None | Partial manual | Automated scan | Full CBOM | Continuous update |
| Risk Assessment | Not started | Ad hoc review | HNDL mapped | Prioritized plan | Quantified risk |
| Crypto-Agility | Hardcoded | Some flexibility | Architecture spec | Implemented | Tested annually |
| Vendor Mgmt | Not addressed | Some inquiries | All surveyed | Contract terms | Ongoing validation |
| Implementation | No PQC | Lab testing | Pilot deployed | Production live | Full migration |
Ready to Assess Your Quantum Risk?
Qscout26 delivers first findings in 7 days with board-ready reporting. Qstrike26 provides comprehensive 4-month testing with proof-of-concept demonstrations.