Q-Day readiness

Everything you need before Q-Day

Understand the threat, map your deadlines, and run a live inventory — with evidence your board and auditors can verify.

Run Q-Day scan Explore Assess

Mosca calculator

If X + Y > Z, harvest-now-decrypt-later exposure requires action now.

X — Data shelf-life (years)Y — Migration runway (years)Z — Quantum timeline (years)

10 + 5 = 15 vs Z = 8

Inequality holds — HNDL exposure today.

Deadlines

Framework timeline

Regulated teams track multiple clocks. Inventory now — migrate on your tier.

FIPS 203 / 204 / 205

Available now (2024)

ML-KEM, ML-DSA, and SLH-DSA standards published — migration can start.

PCI-DSS 4.0

2025–ongoing

Crypto agility and inventory expectations for payment environments.

CMMC 2.0

2026–2030

Defense contractors need crypto inventory evidence for Level 2 audits.

NIST IR 8547

2030

Transition guidance for federal and regulated-adjacent organizations.

CNSA 2.0

2030–2033

NSA suite migration tiers for national-security systems.

NSM-10

2035

Federal mandate to migrate away from quantum-vulnerable algorithms.

Framework guides

Compliance pillar content

Long-form guides mapped to NSM-10, CNSA 2.0, PCI-DSS, CMMC, and ML-KEM migration.

2035

NSM-10 compliance guide

National Security Memorandum on post-quantum cryptography

Read guide →

2030–2033

CNSA 2.0 guide

Commercial National Security Algorithm Suite 2.0

Read guide →

2030

NIST IR 8547 primer

Transitioning to post-quantum cryptography standards

Read guide →

2025–ongoing

PCI-DSS 4.0 crypto agility

Cryptographic agility and key management requirements

Read guide →

2026–2030

CMMC crypto inventory

Federal contractor cryptographic inventory expectations

Read guide →

Available 2024

ML-KEM migration guide

Module-Lattice-Based Key-Encapsulation Mechanism standard

Read guide →

Risk analysis ongoing

HIPAA & harvest-now-decrypt-later

HIPAA Security Rule and long data shelf-life

Read guide →

Phased enforcement

EU CRA & post-quantum readiness

EU Cyber Resilience Act product security

Read guide →

Resources

Start with the fundamentals

What is Q-Day?

When cryptographically relevant quantum computers break today's public-key crypto.

Read guide →

Harvest now, decrypt later

Why data encrypted today is already at risk — even before Q-Day arrives.

Read guide →

Mosca inequality

The X + Y > Z rule CISOs use to quantify HNDL exposure.

Read guide →

Compliance deadlines

NSM-10, CNSA 2.0, NIST IR 8547, CMMC, and PCI-DSS timelines.

Read guide →

CycloneDX CBOM

Machine-readable crypto bill of materials for your GRC toolchain.

Read guide →

Hybrid TLS proof

What the PQ handshake appendix means for migration evidence.

Read guide →

Readiness score

How Qtangl scores exposure, coverage, and deadline pressure.

Read guide →

Why spreadsheets fail

Manual crypto inventories miss drift, JWKS, and STARTTLS.

Read guide →

Crypto agility checklist

Twenty-point self-audit worksheet for inventory, deadlines, and monitoring.

Read guide →

Try it

Sample artifacts

See what a Qtangl assessment exports before you run your own scan.

Run live scanner Free mini-assessment Verify a report Download sample CBOM Sample signed report Crypto agility checklist Executive briefing (PDF)

By industry

Vertical readiness playbooks

Banking & financial services Government & defense Healthcare payers