PQC / CRYPTO-AGILITY / CBOM

Supplier PQC Questionnaire.

Additional page sections

Generates supplier questions and evidence requests for post-quantum readiness and crypto-agility.

Version 2.9 Beta Protected engine Supplier PQC questionnaire
PURPOSE

Decision supported.

Generates supplier questions and evidence requests for post-quantum readiness and crypto-agility.

Intended user

research, assurance and technical review teams

Output status

Preliminary outputHuman review requiredNot certification
USE CASES

Where this instrument fits.

  • Prepare PQC supplier due diligence
  • Collect crypto inventory disclosures
  • Ask vendors about algorithm agility and roadmap
  • Record unanswered procurement risks
INPUTS

Required input fields.

  • Supplier type (required): SaaS, Cloud provider, Identity provider, Endpoint/security vendor, ...
  • Data handled (required): No sensitive data, Business confidential, Regulated or long-lived
  • Cryptography role (required): Unknown, Consumes protocols, Provides crypto/PKI/protocols
  • Contract leverage (required): Low, Medium, High

Data handling: this interface uses the L2ET protected same-origin instrument engine. Do not enter confidential, regulated, privileged, incident, medical or sensitive operational data.

METHOD

Evidence Matrix logic.

Generates question sets based on supplier type, data handling and cryptographic role, then flags missing evidence categories.

Source families

supplier assurancePQC migrationprocurement due diligence

Assumptions

  • Questions are a starting point.
  • Supplier answers require validation.
  • Legal review is required for contract language.
INTERACTIVE INSTRUMENT

Supplier PQC questionnaire.

Use the controls below to generate a preliminary artifact. The output is intentionally bounded and requires human review.

OUTPUT ARTIFACT

Supplier PQC questionnaire.

The generated artifact includes findings, assumptions, limitations, recommended next actions and exportable structured output.

Export options

Copy outputMarkdownJSONCSVPDF/print
EXAMPLE

Example input and output.

Example input

Identity provider handling regulated data with provider-level crypto role.

Example output

Outputs questions on certificate dependencies, hybrid testing, roadmap, notification duties and evidence.

LIMITATIONS

What this tool does not do.

  • Does not verify supplier readiness.
  • Does not provide legal advice.
  • Does not replace procurement governance.

This instrument does not provide legal, medical, cryptographic, engineering, regulatory or compliance certification.

RELATED METHOD

Method and workflow links.

Read the family method note for assumptions, output artifacts, update policy and review boundaries.

Open methodology Open family

RELATED TOOLS

Suggested workflow sequence.

Post-Quantum Readiness Dashboard

Classifies quantum-safe readiness stage and identifies the first evidence actions for post-quantum transition.

open instrument →

Crypto Exposure Mapper

Maps user-entered assets, algorithms, protocols and data lifetimes into a quantum-vulnerable dependency inventory.

open instrument →

CBOM Builder

Builds a manual cryptographic bill of materials draft with algorithms, operations, owners, evidence and migration candidates.

open instrument →
CHANGELOG

Version history.

  • v2.9 - Research-grade instrument template, method notes, assumptions, limitations, example and export actions added.
  • Last updated: 2026-05-27.
  • Maturity state: Beta.