PQC / CRYPTO-AGILITY / CBOM

PQC Contract Clause Checklist.

Additional page sections

Creates PQC-related contract language themes and evidence topics for legal and procurement review.

Version 1.5 Prototype Protected engine PQC contract clause checklist
PURPOSE

Decision supported.

Creates PQC-related contract language themes and evidence topics for legal and procurement review.

Intended user

research, assurance and technical review teams

Output status

Preliminary outputHuman review requiredNot certification
USE CASES

Where this instrument fits.

  • Prepare procurement checklist for PQC
  • Identify contract themes for legal review
  • Ask for crypto inventory and roadmap commitments
  • Track migration assistance and notification topics
INPUTS

Required input fields.

  • Vendor type (required): SaaS, Cloud, PKI/certificate provider, Network/VPN, ...
  • Data sensitivity (required): No sensitive data, Business confidential, Regulated or long-lived
  • Cryptographic role (required): Unknown, Consumes crypto protocols, Provides cryptographic service
  • Contract term (required): Less than 1 year, 1-3 years, More than 3 years

Data handling: this interface uses the L2ET protected same-origin instrument engine. Do not enter confidential, regulated, privileged, incident, medical or sensitive operational data.

METHOD

Evidence Matrix logic.

Maps vendor type, data sensitivity and cryptographic role to clause themes around inventory, algorithm agility, roadmap, notification, testing and audit evidence.

Source families

procurement due diligencecontract risk themesPQC migration

Assumptions

  • This is a thematic checklist.
  • Legal drafting requires counsel.
  • Jurisdiction and sector requirements may differ.
INTERACTIVE INSTRUMENT

PQC contract clause checklist.

Use the controls below to generate a preliminary artifact. The output is intentionally bounded and requires human review.

OUTPUT ARTIFACT

PQC contract clause checklist.

The generated artifact includes findings, assumptions, limitations, recommended next actions and exportable structured output.

Export options

Copy outputMarkdownJSON
EXAMPLE

Example input and output.

Example input

Critical SaaS supplier with business confidential data and unknown crypto role.

Example output

Outputs clause themes for inventory disclosure, roadmap, weakness notification, migration assistance and audit evidence.

LIMITATIONS

What this tool does not do.

  • Not legal advice.
  • Does not create enforceable contract text.
  • Does not verify supplier evidence.

This instrument does not provide legal, medical, cryptographic, engineering, regulatory or compliance certification.

RELATED METHOD

Method and workflow links.

Read the family method note for assumptions, output artifacts, update policy and review boundaries.

Open methodology Open family

RELATED TOOLS

Suggested workflow sequence.

Post-Quantum Readiness Dashboard

Classifies quantum-safe readiness stage and identifies the first evidence actions for post-quantum transition.

open instrument →

Crypto Exposure Mapper

Maps user-entered assets, algorithms, protocols and data lifetimes into a quantum-vulnerable dependency inventory.

open instrument →

CBOM Builder

Builds a manual cryptographic bill of materials draft with algorithms, operations, owners, evidence and migration candidates.

open instrument →
CHANGELOG

Version history.

  • v1.5 - Research-grade instrument template, method notes, assumptions, limitations, example and export actions added.
  • Last updated: 2026-05-27.
  • Maturity state: Prototype.