The Post-Quantum Cryptography Coalition (PQCC) has published a new guide to help organizations evaluate security solutions that can withstand future threats from quantum computing.
It’s a central resource from the PQCC, an organization that brings together technologists, researchers and expert cryptography practitioners, including PQShield. The document was created through the effort of multiple partners to help create a tailored framework, pointing organizations towards less uncertainty and a good foundation for transition.
The PQCC Solution Analysis Guide outlines a structured scoring model based on six focus areas:
- Technical readiness – How mature is a solution in terms of its ability to support PQC practically?
- Crypto Agility – How easy will a solution adapt to evolving cryptographic standards without requiring ‘rip-and-replace’?
- PQC Standards alignment – How well does a solution align to relevant industry and government standards?
- Timeline – How long will it take for the solution to be technically ready and fully integrated?
- Integration fit – How easy does a solution fit existing workflows and operations?
- Provider ability to execute – Does the provider have the resources, roadmap and processes required to sustain PQC migration in the long-term?
These are helpful considerations that bring clarity to organizations considering the shift to PQC. The guide then introduces a useful scoring model that helps with analysis and evaluation, based on these focus areas. It suggests weighting each focus area and introducing a scoring rubric – a unique, flexible framework for each organization to score a solution against a focus area, based on well thought-through, specific parameters.
The guide provides guidance on evaluating scores, and how to use the results as a decision-making support tool for comparing different providers. It emphasizes the importance of co-ordination, and the need to refine criteria as standards and solutions evolve.
Our view: With the PQCC Solution Analysis Guide, the Coalition has provided a key evaluation framework for PQC solutions. It’s clear that in the fast-moving world of post-quantum migration, there’s an urgency on developing processes for assessing quantum-resistant solutions. This guide is a useful tool that will help build a clear foundation for transition, enabling organizations to prepare for the next generation of cryptography.
You can read the full guide here.
Author: Matthew Stubbs is a content engineer and technical author, with a background in optical physics and engineering. With a range of experience in many industries and technologies, Matt writes about cybersecurity, science and cryptography updates, managing PQShield’s content and providing technical insight to the latest developments.