PQC readiness improves in stages. Use this model to understand where your team is now, what to do next, and when you are ready to move from unclear scope to governed remediation and evidence-backed enforcement.
Stage 1
Unclear policy, scope, and ownership
Standards pressure is real, but policy, scope, ownership, remediation, approved exceptions, and evidence are not yet organized around a migration program.
Stage 2
Teams define applications, services, certificates, gateways, and infrastructure in scope, then establish an initial compliance baseline.
Stage 3
Findings are connected to owners, remediation work, approved exception decisions, policy context, and evidence snapshots.
Stage 4
Report-only checks move toward warn and fail behavior in delivery workflows as teams build confidence in policy and approved exceptions.
Stage 5
Compliance status, policy versions, approved exceptions, remediation progress, and evidence are retained for audits, customers, and leadership.
Score each statement as 0 for not started, 1 for partly true, or 2 for consistently true. Use the result to decide the next practical move, not to create a perfect maturity score.
We know which applications, services, certificates, gateways, and infrastructure sources are in scope.
We have selected policy templates and PQC-specific controls for the first baseline.
Findings are assigned to named owners with remediation status and target dates.
Approved exceptions are time-bound, reviewed, and tied to policy context and affected scope.
We can produce current evidence for audit, customers, leadership, or risk review.
Start with ownership, scope, and a first baseline.
Move from visibility into governed remediation and exceptions.
Strengthen enforcement, evidence retention, and reporting.
Crypto Posture is designed to help teams move from inventory and uncertainty into a repeatable governance loop for policy, remediation, approved exceptions, and evidence.