Score your post-quantum migration posture.
An educational starting point — not a substitute for a real cryptography inventory or auditor engagement.
Score drivers
- Baseline readiness+72
- Cloud-dependent stack-5
- Sensitive data at rest / in transit-14
- 1 critical systems in scope-3
Migration checklist
- Inventory cryptography across TLS, VPN, SSH, email, code signing, backups, certificates, and payments.
- Identify long-life sensitive data exposed to harvest-now-decrypt-later.
- Review vendor post-quantum roadmaps and cryptographic agility.
- Track NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA).
- Build a migration roadmap with owners, pilots, and procurement checkpoints.
Educational research only. QuantumCryptoRisk does not claim quantum computers can break Bitcoin or banking encryption today, and nothing here is financial, investment, cybersecurity, or legal advice.
Frequently asked questions
What is post-quantum readiness for a business?
Post-quantum readiness is the ability to identify, inventory, and migrate cryptographic systems — TLS certificates, VPN tunnels, code signing, backups, database encryption, identity, and vendor integrations — from classical algorithms (RSA, ECDSA, ECDH) to NIST-standardized PQC algorithms (ML-KEM, ML-DSA, SLH-DSA) before quantum computers threaten them.
What is a cryptography inventory?
A cryptography inventory (also called a crypto-bill-of-materials or CBOM) is a catalog of every place your organization uses cryptography: algorithms, key sizes, protocols, libraries, hardware, and vendors. NIST NCCoE and CISA recommend it as the first concrete step toward PQC migration.
When should we start migrating to post-quantum cryptography?
Now — for discovery and planning. NIST, NSA CNSA 2.0, and the White House NSM-10 memorandum all recommend beginning cryptographic inventory and vendor engagement immediately, with prioritized migration of long-lived-data and high-value systems by 2030–2035.
What is harvest-now-decrypt-later?
Harvest-now-decrypt-later (HNDL) is the threat model where an adversary captures encrypted traffic today and stores it until a quantum computer can decrypt it later. It matters most for data with long confidentiality lifetimes: medical records, legal archives, intellectual property, government secrets.
Is the readiness score an audit?
No. It is an educational starting point — a structured way to compare your posture against common industry patterns. A real PQC migration needs a cryptography inventory, vendor engagement, and typically a qualified cryptography or infosec auditor.