Quantum Resilience Evidence

Transparent governance artifacts proving our quantum-safe cryptographic implementation. No quantum washing — just evidence.

📊 View CBOM/QBOM 📥 Download Package

Addressing the 10 Quantum Readiness Criteria

Based on industry best practices and compliance frameworks

1. Cryptographic Bill of Materials (CBOM/QBOM)

Complete inventory of cryptographic assets

✅ COMPLIANT

What We Provide:

CycloneDX 1.6 compatible CBOM for all 8 products
Quantum Bill of Materials (QBOM) classifying quantum-safe vs vulnerable algorithms
Automated CBOM generator (regenerated quarterly)
Human-readable summaries for each product

Sample CBOM Entry (Wallet Extension):

{
  "algorithm": "ML-DSA-44",
  "type": "signature",
  "standard": "FIPS 204",
  "securityLevel": 2,
  "quantumSafe": true,
  "nistApproved": true,
  "publicKeySize": 1312,
  "signatureSize": 2420,
  "library": "@noble/post-quantum v0.2"
}

Download All CBOM/QBOM Files

2. Integration & Vendor Transparency

APIs, dependencies, and third-party integrations

⚠️ PARTIAL

Our Stack:

Component	PQC Status
TLS Layer	✅ PQC-enabled
Application Layer	✅ PQC (ML-DSA)
Database Encryption	⚠️ AES-256 (symmetric)
Cloud Provider	⚠️ Mixed (evaluating)

Mitigation Strategy:

→ End-to-end encryption bypasses cloud provider
→ Vendor crypto disclosure requirements in procurement
→ Symmetric crypto (AES) not quantum-vulnerable
→ Quarterly vendor PQC readiness assessments

3. Governance Artifacts & Policies

Documented procedures, policies, and compliance frameworks

✅ COMPLIANT

📋 Key Lifecycle Policy

Complete procedures for key generation, storage, rotation, revocation, and destruction.

Download PDF →

🔄 Algorithm Agility Framework

Migration strategies, hybrid cryptography, and future-proofing approach.

Download PDF →

✓ Compliance Matrix

Mapping to NIST, CNSA 2.0, ISO 27001, GDPR, and other frameworks.

Download JSON →

4. Algorithm Agility (Not Just Swap)

Prepared for cryptographic evolution

✅ STRONG

Multi-Algorithm Support:

ML-DSA-44

NIST Level 2 (128-bit equivalent)
ML-DSA-65

NIST Level 3 (192-bit equivalent)
ML-DSA-87

NIST Level 5 (256-bit equivalent)
ML-KEM-768

NIST Level 3 KEM

Agility Features:

Versioned Signatures

Every signature includes algorithm ID for future-proof parsing

Hybrid Mode

Classical + PQC for defense-in-depth (blockchain, browser)

Algorithm Registry

Centralized registry with EXPERIMENTAL → ACTIVE → DEPRECATED lifecycle

Migration Playbooks

Documented procedures for emergency algorithm replacement

5. Testing & Validation

✅ Yes

✓ Automated test suite (1000+ iterations)
✓ Performance benchmarks published
✓ Cross-library interoperability tests
✓ NIST Known Answer Tests (KAT)

View Test Reports →

6. Vendor Transparency

⚠️ Partial

✓ Open-source crypto libraries disclosed
✓ No proprietary black-box crypto
⚠️ Cloud provider PQC status: evaluating
→ Vendor scorecard in development

7. Board-Level Oversight

✅ Yes

✓ Quantum risk register maintained
✓ Quarterly executive briefings
✓ Budget allocated for PQC program
✓ Fiduciary duty documented

8. Telemetry & Observability

🚧 In Progress

→ Live metrics dashboard (Q1 2026)
→ Algorithm usage tracking
→ Performance monitoring
→ Real-time anomaly detection

Preview Dashboard →

9. Regulatory Compliance

✅ Yes

✓ NIST FIPS 204/203 compliant
✓ CNSA 2.0 aligned (ahead of 2030)
✓ GDPR encryption standards exceeded
⚠️ ISO 27001 certification (Q3 2026)

View Compliance Matrix →

10. Fiduciary Evidence

✅ Yes

✓ Self-certification reports (PDFs)
✓ Technical implementation audits
→ Third-party security audit (Q1 2026)
→ NIST FIPS 140-3 validation (Q1 2027)

Download Compliance Package →

Ready to Verify Our Claims?

Download our complete compliance package or explore our open-source implementations.

Download Compliance Package View on GitHub

Continuous Improvement

This evidence page is updated quarterly. Last updated: December 29, 2025. Next review: March 2026. We welcome feedback and independent verification — contact info@pqcnow.com.