PQC / CRYPTO-AGILITY / CBOM

Crypto Exposure Mapper.

Additional page sections

Maps user-entered assets, algorithms, protocols and data lifetimes into a quantum-vulnerable dependency inventory.

Version 2.3 Beta Protected engine Crypto exposure inventory
PURPOSE

Decision supported.

Maps user-entered assets, algorithms, protocols and data lifetimes into a quantum-vulnerable dependency inventory.

Intended user

research, assurance and technical review teams

Output status

Preliminary outputHuman review requiredNot certification
USE CASES

Where this instrument fits.

  • Create first-pass crypto inventories
  • Prioritize quantum-vulnerable dependencies
  • Discuss crypto-agility gaps with platform owners
  • Prepare CBOM input rows
INPUTS

Required input fields.

  • Asset or system (required)
  • Public-key algorithm (required): RSA, ECC/ECDSA/ECDH, Hybrid PQC/classical, PQC candidate/standard, ...
  • Operation (required): Key exchange, Signature, Encryption, Hash
  • Data class (required): Public, Internal, Confidential, Long-lived sensitive
  • Replacement difficulty (required): Low, Medium, High
  • Supplier dependency (required): Internal control, Shared dependency, Vendor controlled

Data handling: this interface uses the L2ET protected same-origin instrument engine. Do not enter confidential, regulated, privileged, incident, medical or sensitive operational data.

METHOD

Inventory Table logic.

Scores cryptographic exposure from algorithm family, operation, data lifetime, replacement difficulty and supplier dependency.

Source families

PQC migration planningCBOM practicecrypto-agility

Assumptions

  • Rows are manually entered.
  • Protocol implementations may contain hidden dependencies.
  • Algorithm details require technical verification.
INTERACTIVE INSTRUMENT

Crypto exposure inventory.

Use the controls below to generate a preliminary artifact. The output is intentionally bounded and requires human review.

OUTPUT ARTIFACT

Crypto exposure inventory.

The generated artifact includes findings, assumptions, limitations, recommended next actions and exportable structured output.

Export options

Copy outputMarkdownJSONCSVPDF/print
EXAMPLE

Example input and output.

Example input

Customer portal TLS edge uses RSA key exchange for confidential data with medium replacement difficulty.

Example output

Outputs high transition pressure and a migration-priority inventory row.

LIMITATIONS

What this tool does not do.

  • Not a scanner.
  • Does not prove algorithm use.
  • Does not validate PQC implementation quality.

This instrument does not provide legal, medical, cryptographic, engineering, regulatory or compliance certification.

RELATED METHOD

Method and workflow links.

Read the family method note for assumptions, output artifacts, update policy and review boundaries.

Open methodology Open family

RELATED TOOLS

Suggested workflow sequence.

Post-Quantum Readiness Dashboard

Classifies quantum-safe readiness stage and identifies the first evidence actions for post-quantum transition.

open instrument →

CBOM Builder

Builds a manual cryptographic bill of materials draft with algorithms, operations, owners, evidence and migration candidates.

open instrument →

Harvest-Now / Decrypt-Later Horizon Estimator

Estimates harvest-now-decrypt-later urgency from confidentiality lifetime, capture feasibility and migration lead time.

open instrument →
CHANGELOG

Version history.

  • v2.3 - Research-grade instrument template, method notes, assumptions, limitations, example and export actions added.
  • Last updated: 2026-05-27.
  • Maturity state: Beta.