PQC Migration Audit

You can't migrate the crypto
you can't see.

A fixed-fee, vendor-neutral audit that inventories your cryptography end-to-end — TLS, SSH, VPN, PKI, and QKD key delivery — flags every channel a quantum computer will break, and hands you a prioritized, standards-aligned migration roadmap. No product commitment.

Get your free scan See pricing
Aligned with NIST FIPS 203/204/205 · CCCS migration guidance · ETSI GS QKD 014
Deliverable — cryptographic inventory (excerpt)
TLS 1.2 · RSA-2048 · public APICRITICAL
IPsec VPN · ECDH P-256CRITICAL
SSH · ecdsa-sha2-nistp256HIGH
Code signing · RSA-3072HIGH
QKD key delivery · classical TLS (ETSI-014)CRITICAL
Data-at-rest · AES-256-GCMQUANTUM-SAFE
→ Roadmap: 14 systems · 6 critical · sequenced over 3 phases
Independent & vendor-neutral
We map what you have and what to do — not a disguised product pitch
Deep PQC engineering
Pure-Rust, zero-C PQC stack · 940+ machine-checked Lean 4 theorems
Standards-aligned
NIST FIPS 203/204/205 · CCCS guidance · disclosed to CCCS

Why now

NIST finalized the post-quantum standards (FIPS 203/204/205), and CCCS has published migration timelines for federal systems and critical infrastructure. The threat is harvest-now, decrypt-later: data encrypted with today's classical crypto can be captured now and decrypted once a cryptographically-relevant quantum computer exists. Migration is no longer optional — but you can't plan it until you know exactly what you have. That's what the audit gives you.

What we inventory

End-to-end across your estate — not just the obvious endpoints. Every place a quantum computer changes your risk.

TLS & HTTPS

Public and internal endpoints, cipher suites, key-exchange and certificate algorithms.

SSH & remote access

Host and user key algorithms, jump hosts, automation and CI credentials.

VPN & IPsec

Tunnels, IKE groups, and the classical key exchange protecting site-to-site traffic.

PKI & certificates

Internal CAs, certificate chains, signing algorithms, and crypto-agility of your PKI.

Key management & QKD

KMS, HSMs, and QKD key-delivery channels (ETSI-014) — including the classical TLS in front of them.

Signing & data-at-rest

Code signing, document signing, and at-rest encryption — flagging what's already quantum-safe.

What you get

A report your security team and your auditors can both use — executive summary plus technical appendix.

1 · Cryptographic inventory

Every system mapped to the algorithms it uses and where they're exposed — the single source of truth you don't currently have.

2 · Harvest-now risk ranking

Each finding rated Critical / High / Quantum-safe, weighted by data sensitivity and exposure, so you fix the right things first.

3 · Migration roadmap

A prioritized, sequenced plan mapped to NIST FIPS 203/204/205 and CCCS guidance — phased, costed, and realistic.

4 · Crypto-agility recommendations

How to structure systems so the next algorithm change is a config update, not another migration project.

Engagements

Start free. The Quantum Exposure Snapshot maps your public-facing risk in one scan; the paid audits go deep across your whole estate. Where a channel needs hardening now, PQTG is available — but the audit stands on its own.

Quantum Exposure Snapshot · Free
See your quantum-vulnerable crypto in one scan.

An automated scan of your public-facing endpoints — TLS, certificates, exposed SSH — with a short report flagging what a quantum computer will break. No install, no commitment. The full audits go deeper, inside your estate.

Get your free snapshot
Rapid Assessment
Contact us
2–3 weeks · available now
  • Focused inventory of key systems
  • Risk-ranked findings
  • Roadmap summary
  • Executive read-out
Start here
Full Migration Audit
Contact us
Most popular
  • End-to-end estate inventory
  • Per-system remediation plan
  • Standards mapping (NIST/CCCS)
  • Exec + technical report
  • Roadmap walkthrough
Book the audit
Advisory & Re-assessment
Custom · retainer
Ongoing
  • Migration support over time
  • Periodic re-assessment
  • Governance & reporting
  • Board / regulator briefings
Talk to us

Book an audit

Tell us about your environment. We'll reply with scope, fixed pricing, and a start date.

Prefer email? Write sylvain@paraxiom.org directly.