Free tool

The post-quantum migration checklist

A practical, NIST-aligned checklist that takes a team from discovery to monitoring - five phases, with the questions to ask and the artefacts to produce at each one. Grab the preview below, then download the full checklist.

Free, no obligation

The journey

Five phases, from discovery to monitoring

Post-quantum migration is a programme, not a switch. The checklist breaks it into five phases - each one with a clear input, a clear output and a place it maps to in the EQCore platform.

01 · Discover

Inventory into a Cryptographic Bill of Materials (CBOM)

Surface the protocols, certificates, keys and algorithms in use across your network, applications and data - and turn them into a CycloneDX Cryptographic Bill of Materials. This is posture detection of what you run, not exploitation. In the platform, this is CipherScout™.

02 · Assess

Score posture and map to frameworks

Score each finding for quantum risk and map it to your governance framework. EQCore provides mappings to NIST CSF, ISO 27001, FedRAMP, CMMC, Essential Eight (ASD) and NACSA - mappings to guide the work, not certifications you hold.

03 · Plan

Prioritise by NIST regime

Order the work by exposure and by the PQC regime that applies, so the highest-risk, longest-lived secrets move first. Each finding is classified as needing a key-encapsulation or a signature swap before any change is made.

04 · Migrate

Move key-encapsulation and signatures

Swap to NIST-selected algorithms - ML-KEM for key encapsulation, ML-DSA and SLH-DSA for signatures. In the platform, CipherForge™ plans and orchestrates this; the algorithm operations run through our own CipherForge PQC service, not in EQCore itself.

CipherForgeEarly access

05 · Monitor

Re-check for drift on every scan

Cryptography drifts - a new service ships, a certificate downgrades, a weak algorithm slips back in. Re-scan on a cadence so exposure that appears after migration still surfaces, scored and framework-mapped, on every scan. In the platform, this is CipherWatch™.

How to use it

The checklist is an educational planning aid you work through with your own team - it documents what each phase involves and the artefacts to produce. Running discovery against your own estate is the job of the EQCore platform and a trial, not of this document.

A preview

A few representative items per phase

Here is a sample of the checks in each phase. The full checklist expands these into detailed, tickable items with owners and acceptance criteria - it is yours to download below.

01 · Discover

Cover all four surfaces

Confirm discovery reaches the network and TLS layer, your certificates and keys, your applications and APIs and your data and cloud KMS - then export the inventory as a Cryptographic Bill of Materials (CBOM).

02 · Assess

Tag long-lived secrets

Flag data and keys whose confidentiality must outlast the arrival of a cryptographically relevant quantum computer and attach the relevant framework mapping to each finding.

03 · Plan

Sequence by regime and risk

Group findings by PQC regime and exposure, classify each as a key-encapsulation or a signature swap and agree the order of work with the owning teams.

04 · Migrate

Adopt the NIST algorithms

Move key encapsulation to ML-KEM and signatures to ML-DSA or SLH-DSA, favouring crypto-agility so future swaps are a registry change, not a re-engineering project.

05 · Monitor

Set a re-scan cadence

Decide how often the estate is re-scanned and route new or regressed findings - scored and framework-mapped - to the team that owns remediation, on every scan.

Across every phase

Keep an owner and a date

Every item carries an owner, a target date and an acceptance criterion - so the programme stays accountable from the first scan to ongoing monitoring.

ML-KEM ML-DSA SLH-DSA NIST CSF ISO 27001 FedRAMP CMMC Essential Eight (ASD) NACSA

Get the full checklist

Download the full checklist

Add your work email and company and we’ll send you the complete post-quantum migration checklist - every phase expanded into detailed, tickable items with owners and acceptance criteria.

Ready to run it against your estate?

The checklist plans the work. A trial runs CipherScout on a scope you define and hands back a Cryptographic Bill of Materials (CBOM) and a crypto-posture view of your own cryptography.