Post-Quantum Crypto Inventory Template
Free checklist from our PQC migration guide
Map every public-key dependency in your environment and build a phased PQC migration roadmap.
Get your free checklist
Enter your email to unlock this resource instantly.
Instructions
Use this template to catalog where public-key cryptography lives in your environment. Complete each section, then prioritize by data sensitivity and change difficulty. The result is a phased migration roadmap with owners and decision points.
1. Crypto Asset Inventory
List every system, service, or data store that relies on public-key cryptography.
| System / Service | Crypto Use (TLS, signing, encryption, key exchange) | Algorithm (RSA, ECDSA, ECDH, etc.) | Key Size | Owner |
|---|---|---|---|---|
2. Data Sensitivity Classification
For each asset above, classify the data it protects.
- Which assets protect data with a secrecy requirement beyond 10 years?
- Which assets protect regulated data (PII, PHI, financial)?
- Which assets are exposed to harvest-now-decrypt-later risk?
- Which assets handle government or defense-related data?
- Which assets are used in digital signatures with long-lived validity?
3. Change Difficulty Assessment
Rate each system's migration difficulty to guide phasing.
- Can the system's crypto library be updated independently?
- Does the system depend on hardware security modules (HSMs)?
- Are there third-party or vendor dependencies blocking algorithm changes?
- Does migration require protocol-level changes (e.g., TLS 1.3 with PQC KEM)?
- Is there a test environment available for hybrid algorithm validation?
- What is the estimated downtime or change window required?
4. Vendor Readiness Tracker
Track PQC support timelines from your key vendors.
| Vendor / Product | PQC Support Status | Target Date | Notes / Blockers |
|---|---|---|---|
5. Phased Migration Roadmap
Assign each asset to a migration phase based on risk and readiness.
Phase 1 — Immediate (high sensitivity, high harvest-now risk)
- System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
- System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
Phase 2 — Near-term (regulated data, moderate change difficulty)
- System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
- System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
Phase 3 — Standard (remaining systems, vendor-dependent)
- System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
- System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
6. Decision Log
- Decision: _____ | Date: _____ | Rationale: _____ | Owner: _____
- Decision: _____ | Date: _____ | Rationale: _____ | Owner: _____
- Decision: _____ | Date: _____ | Rationale: _____ | Owner: _____
Found this useful? Read the full article:
Read: Post-Quantum Cryptography Migration Roadmap →