Compliance

Evidence for the post-quantum compliance era

Regulators have put dates on the move to post-quantum cryptography. EQCore™ gives you the evidence to plan for them with a CycloneDX inventory of the cryptography you run, findings mapped to the frameworks you report on and fresh evidence on every scan.

The regulatory landscape

The deadlines are dated and they are close

The transition to post-quantum cryptography is no longer open-ended. Standards bodies and regulators across the US and EU have set out timelines that make cryptographic readiness a near-term, auditable obligation rather than a future concern.

NIST · The backstop

Deprecated by 2030, disallowed by 2035

NIST’s transition guidance deprecates 112-bit-strength RSA and elliptic-curve cryptography by 2030 and disallows it after 2035 - the hard backstop most other timelines plan against.

CNSA 2.0 · NSS

Post-quantum across NSS

The NSA’s Commercial National Security Algorithm Suite 2.0 directs National Security Systems to NIST-standardised post-quantum algorithms, prioritising software and firmware signing first, with exclusive use expected across NSS by 2035.

DORA · EU finance

Operational resilience, applied

The EU Digital Operational Resilience Act has applied to financial entities since January 2025, raising the bar on ICT risk management - which puts the cryptography protecting that estate squarely in scope.

NIS2 · EU critical

Wider critical-sector scope

The EU NIS2 Directive, with a national transposition deadline of October 2024, widens cybersecurity and risk-management duties across critical and important entities - again reaching the cryptography underneath them.

Why now

These are dated drivers, not predictions. Discovering, prioritising and re-keying cryptography across a large estate takes years, so the organisations that meet these dates are the ones building a measured inventory and a prioritised plan now.

How EQCore supports compliance

Turn cryptographic posture into audit-ready evidence

EQCore produces the evidence a certification rests on: an inventory of what you run, findings tied to the frameworks you answer to, and a fresh record every time you scan.

01 · Discover

A Cryptographic Bill of Materials (CBOM) of what you run

CipherScout™’s scanners surface the protocols, keys, certificates and algorithms across your network, applications and data layer, then emit a CycloneDX 1.7-aligned Cryptographic Bill of Materials, a documented evidence of the cryptography you actually run.

02 · Map

Findings mapped to frameworks

Every finding carries a regulatory control reference and EQCore maps results to the governance frameworks your teams report against so a cryptographic gap becomes a line item against a control, not an abstraction.

03 · Monitor

Ongoing evidence on every scan

CipherWatch™ raises severity-scored alerts on every scan and on your schedule, and compares scans over time to surface new or changed exposure, giving you a dated trail of evidence rather than a one-off snapshot.

Compliance scope

EQCore produces the evidence base an auditor or assessor works from: your cryptographic findings mapped to the frameworks you report against, generated inside your own boundary.

Framework coverage

The frameworks EQCore maps findings to today

EQCore maps cryptographic findings to various governance frameworks today, for countries including Canada, United States, EU, UAE, India, Australia, Malaysia and more. Further regulatory mappings are on the roadmap - the dated regulations above already drive the work even before a direct mapping ships.

Mapped today (Sample)

NIST CSF ISO 27001 FedRAMP CMMC Essential Eight (ASD) NACSA

On the roadmap

DORA Roadmap NIS2 Roadmap PCI DSS Roadmap HIPAA Roadmap

Framework mapping

EQCore maps every finding to the controls it affects, across NIST FIPS 203/204/205, ASD ISM, DORA and more, so you see compliance impact at the finding level.

ExeQuantum holds

ISO 27001 certified
ISO/IEC 27001 certification

Independently audited. Zero non-conformances at last surveillance. Verifiable at register.jasanz.org.

Build your compliance evidence base

Book a discovery scan and get a Cryptographic Bill of Materials (CBOM) of the cryptography you run, with findings mapped to the frameworks you report against - produced inside your own boundary.