PQC readiness checklist for governed migration planning

Use this checklist to turn early post-quantum cryptography (PQC) concern into a practical migration baseline across scope, cryptographic exposure, policy controls, remediation, approved exceptions, and evidence.

Use it as the action-oriented starting point before deeper planning, evidence, and exception-management work.

Ownership and scope

  • Define who owns PQC migration policy, remediation, approved exceptions, and evidence.
  • Identify the applications, services, certificates, gateways, and infrastructure sources in scope.
  • Assign accountable owners for each system, policy area, and evidence record.

Baseline crypto exposure

  • Baseline compliance status across applications, services, certificates, and infrastructure in scope.
  • Assess TLS, PKI, certificate, and classical public-key cryptography exposure across the migration scope.
  • Identify remediation priorities and exception candidates before wider rollout.

Policy and controls

  • Translate standards guidance into policy templates and PQC-specific controls.
  • Decide which controls should warn, fail, or remain report-only during the first migration phase.
  • Keep compliance status current through automated checks in CI and pull requests.
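
An added example, not part of the original checklist or of any product's code: a minimal CI gate that applies the report-only, warn, and fail modes to an inventory and honours approved exceptions only until they expire. The control names, policy version, inventory, exception record, and algorithm sets are constructed assumptions.

```python
import json
import sys
from datetime import date

# Constructed policy: control ids and their modes are assumptions for illustration.
POLICY = {"version": "example-0.1", "controls": {
    "tls-min-version": "fail",          # blocks the pipeline
    "classical-public-key": "warn",     # surfaced to the team, never blocks
    "pqc-key-exchange": "report-only",  # recorded as evidence only
}}
# Constructed inventory of in-scope services.
ASSETS = [
    {"name": "api-gateway", "tls": "1.2", "key_alg": "RSA", "kex": "ECDH"},
    {"name": "billing-svc", "tls": "1.3", "key_alg": "ECDSA", "kex": "X25519MLKEM768"},
    {"name": "legacy-batch", "tls": "1.0", "key_alg": "RSA", "kex": "DH"},
]
# Constructed approved exception with an owner and an expiry date.
EXCEPTIONS = [{"asset": "legacy-batch", "control": "tls-min-version",
               "approved_by": "risk-owner", "expires": "2026-06-30"}]

CLASSICAL = {"RSA", "ECDSA", "DSA"}
CHECKS = {  # each check returns True when the asset is compliant
    "tls-min-version": lambda a: a["tls"] in {"1.2", "1.3"},
    "classical-public-key": lambda a: a["key_alg"] not in CLASSICAL,
    "pqc-key-exchange": lambda a: a["kex"] == "X25519MLKEM768",
}

def evaluate(policy, assets, exceptions, today):
    """Return an evidence record; exit_code is 1 only for unexcepted 'fail' findings."""
    findings = []
    for control, mode in policy["controls"].items():
        for asset in assets:
            if CHECKS[control](asset):
                continue  # compliant, nothing to record
            excepted = any(
                e["asset"] == asset["name"] and e["control"] == control
                and date.fromisoformat(e["expires"]) >= today  # expired = ignored
                for e in exceptions)
            findings.append({"asset": asset["name"], "control": control,
                             "mode": mode, "excepted": excepted})
    blocking = [f for f in findings if f["mode"] == "fail" and not f["excepted"]]
    return {"policy_version": policy["version"], "evaluated_on": today.isoformat(),
            "findings": findings, "exit_code": 1 if blocking else 0}

if __name__ == "__main__":
    record = evaluate(POLICY, ASSETS, EXCEPTIONS, date.today())
    print(json.dumps(record, indent=2))  # retain this output as the evidence snapshot
    sys.exit(record["exit_code"])
```

Passing the evaluation date explicitly makes the run reproducible for a given evidence record, and an exception that lapses turns the same inventory from passing to failing without any other change.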

Evidence and next steps

  • Retain evidence snapshots, policy versions, approved exceptions, and migration reporting over time.
  • Use the first baseline to brief security, platform, risk, and leadership teams on migration progress.
  • Expand from one application or service to a broader governed PQC migration scope.

What you should have after the checklist

A named scope

One application or service, its owners, and the connected systems you will include in the first baseline.

A policy starting point

A small set of controls marked report-only, warn, or fail so teams know what will be measured first.

A first evidence target

The policy version, evaluation record, remediation summary, and approved exception decisions needed for review.

Turn the checklist into your first governed baseline

Crypto Posture helps teams move from checklist planning to governed execution: select a policy template, enroll one application or service, baseline compliance status, and produce a first audit-ready evidence snapshot.