
Post-Quantum Crypto Inventory Template

Free checklist from our PQC migration guide

Map every public-key dependency in your environment and build a phased PQC migration roadmap.


Instructions

Use this template to catalog where public-key cryptography lives in your environment. Complete each section, then prioritize by data sensitivity and change difficulty. The result is a phased migration roadmap with owners and decision points.

1. Crypto Asset Inventory

List every system, service, or data store that relies on public-key cryptography.

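System / Service | Crypto Use (TLS, signing, encryption, key exchange) | Algorithm (RSA, ECDSA, ECDH, etc.) | Key Size | Owner
_____ | _____ | _____ | _____ | _____
_____ | _____ | _____ | _____ | _____
_____ | _____ | _____ | _____ | _____
_____ | _____ | _____ | _____ | _____
_____ | _____ | _____ | _____ | _____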

2. Data Sensitivity Classification

For each asset above, classify the data it protects.

  • Which assets protect data with a secrecy requirement beyond 10 years?
  • Which assets protect regulated data (PII, PHI, financial)?
  • Which assets are exposed to harvest-now-decrypt-later risk?
  • Which assets handle government or defense-related data?
  • Which assets are used in digital signatures with long-lived validity?

3. Change Difficulty Assessment

Rate each system's migration difficulty to guide phasing.

  • Can the system's crypto library be updated independently?
  • Does the system depend on hardware security modules (HSMs)?
  • Are there third-party or vendor dependencies blocking algorithm changes?
  • Does migration require protocol-level changes (e.g., TLS 1.3 with PQC KEM)?
  • Is there a test environment available for hybrid algorithm validation?
  • What is the estimated downtime or change window required?

4. Vendor Readiness Tracker

Track PQC support timelines from your key vendors.

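Vendor / Product | PQC Support Status | Target Date | Notes / Blockers
_____ | _____ | _____ | _____
_____ | _____ | _____ | _____
_____ | _____ | _____ | _____
_____ | _____ | _____ | _____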

5. Phased Migration Roadmap

Assign each asset to a migration phase based on risk and readiness.

Phase 1 — Immediate (high sensitivity, high harvest-now risk)

  • System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
  • System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____

Phase 2 — Near-term (regulated data, moderate change difficulty)

  • System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
  • System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____

Phase 3 — Standard (remaining systems, vendor-dependent)

  • System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
  • System: _____ | Target algorithm: _____ | Owner: _____ | Deadline: _____
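
One way to turn completed rows from sections 1 to 3 into the phase assignments above, as an added example that is not part of the original template. The phase rules, the algorithm names beyond RSA, ECDSA and ECDH, and the sample systems and owners are assumptions made for illustration.

```python
from dataclasses import dataclass

# Public-key algorithms breakable by Shor's algorithm; the page names RSA, ECDSA, ECDH.
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "DSA", "ED25519", "X25519"}

@dataclass
class Asset:
    system: str
    algorithm: str         # section 1
    owner: str             # section 1
    secrecy_years: int     # section 2: required secrecy lifetime of the data
    regulated: bool        # section 2: PII, PHI, financial
    hndl_exposed: bool     # section 2: harvest-now-decrypt-later exposure
    long_lived_sig: bool   # section 2: signatures with long-lived validity
    vendor_blocked: bool   # section 3: vendor dependency blocks algorithm change

def assign_phase(a: Asset) -> int:
    """Phase 1-3 as in section 5; 0 means no quantum-vulnerable public key."""
    if a.algorithm.upper() not in QUANTUM_VULNERABLE:
        return 0
    if a.hndl_exposed and a.secrecy_years > 10:       # assumed Phase 1 rule
        return 1
    if (a.regulated or a.long_lived_sig) and not a.vendor_blocked:  # assumed Phase 2 rule
        return 2
    return 3                                          # remaining or vendor-dependent

def build_roadmap(assets):
    """Group assets by phase and list Phase 1 items that need a decision-log entry."""
    roadmap = {1: [], 2: [], 3: []}
    decisions = []
    for a in assets:
        phase = assign_phase(a)
        if phase == 0:
            continue  # symmetric-only or otherwise out of scope for this inventory
        roadmap[phase].append(f"System: {a.system} | Owner: {a.owner}")
        if phase == 1 and a.vendor_blocked:
            # Urgent but blocked: record the interim decision in section 6.
            decisions.append(f"Decision: interim control for {a.system} | Owner: {a.owner}")
    return roadmap, decisions

# Constructed sample inventory (hypothetical systems and owners).
SAMPLE = [
    Asset("vpn-gateway", "ECDH", "netops", 15, False, True, False, True),
    Asset("payments-api", "RSA", "appsec", 7, True, True, False, False),
    Asset("code-signing", "ECDSA", "release", 0, False, False, True, True),
    Asset("backup-vault", "AES", "storage", 20, True, False, False, False),
]
```

Adjust the two assumed rules in `assign_phase` to match your own definitions of high sensitivity and moderate change difficulty before using the output to fill in the roadmap.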

6. Decision Log

  • Decision: _____ | Date: _____ | Rationale: _____ | Owner: _____
  • Decision: _____ | Date: _____ | Rationale: _____ | Owner: _____
  • Decision: _____ | Date: _____ | Rationale: _____ | Owner: _____
