Is Your Cryptography Quantum-Ready?

Quantum computers will break today's encryption. CSNP provides free, open-source
tools to help you discover vulnerabilities and prepare for the post-quantum transition.

The Quantum Threat Timeline

Cryptographically Relevant Quantum Computers (CRQCs) are expected within 5-10 years. Organizations must act now—migration takes longer than the threat timeline.

Harvest Now, Decrypt Later (HNDL)

Adversaries are already collecting encrypted data today to decrypt once quantum computers arrive. Sensitive data with long-term value—trade secrets, medical records, government communications—is at risk now.

2024

NIST Standards Finalized

ML-KEM, ML-DSA, and SLH-DSA become official post-quantum cryptography standards

2025

NSA CNSA 2.0 Transition

National security systems begin mandatory transition to quantum-resistant algorithms

2030

Software Migration Deadline

All software and firmware must implement quantum-resistant cryptography

2035+

Quantum Computers Arrive

CRQCs expected to break RSA-2048, ECC, and current encryption standards

ELLIPTIC CURVE CRYPTOGRAPHY

Vulnerable to Shor's Algorithm

y² = x³ - x + 1

Point addition on E(ℝ)

P Q P+Q

Start Your Quantum Readiness Journey

Free, production-ready tools to discover quantum-vulnerable cryptography in your systems. No signup required—download and run today.

New to quantum readiness? Start with CryptoScan to discover what cryptographic algorithms your codebase uses.

CryptoScan

Available Now

Discover and inventory cryptographic assets in your codebase. Scans source code, configurations, and dependencies to identify cryptographic implementations vulnerable to quantum attacks.

Key Features

  • Detects RSA, ECDSA, AES, MD5, SHA-1 and more
  • Classifies findings by quantum vulnerability level
  • SARIF output for GitHub Security integration
  • Generates CycloneDX Cryptographic BOM (CBOM)
View on GitHub

CryptoDeps

Available Now

Identify quantum-vulnerable cryptographic algorithms hiding in your software dependencies. Analyzes Go, npm, Python, and Maven packages for cryptographic usage and quantum risk exposure.

Key Features

  • Scans Go, npm, Python, and Maven dependencies
  • Quantum risk classification (VULNERABLE, PARTIAL, SAFE)
  • Workspace & monorepo support (npm, pnpm, Go)
  • Direct GitHub repository scanning
View on GitHub

TLS Analyzer

Available Now

Analyze TLS/SSL configurations across your infrastructure for quantum readiness. Evaluates cipher suites, protocols, and certificates against CNSA 2.0 compliance timelines.

Key Features

  • Scans TLS configurations and certificates
  • CNSA 2.0 compliance timeline assessment
  • Generates detailed HTML security reports
  • Bulk endpoint scanning capability
View on GitHub

CryptoServe

Available Now

Enterprise cryptography as a service. Provides a unified API for encryption, signatures, and key management with built-in support for NIST post-quantum algorithms.

Key Features

  • 275+ cryptographic API endpoints
  • NIST PQC: ML-KEM, ML-DSA, SLH-DSA support
  • FIPS 140-2/3 validated cryptography
  • Hybrid classical + post-quantum modes
View on GitHub
Explore All Tools

The QRAMM Framework

A structured methodology for assessing and improving your organization's quantum readiness across four integrated dimensions

CVI

Cryptographic Visibility & Inventory

Discover, catalog, and continuously monitor all cryptographic assets across your organization including certificates, keys, algorithms, and protocols. Build a complete cryptographic bill of materials (CBOM) to understand your exposure.

SGRM

Strategic Governance & Risk Management

Establish quantum-aware security policies, assess risks to cryptographic assets, and create prioritized migration roadmaps. Define ownership, accountability, and compliance requirements for the post-quantum transition.

DPE

Data Protection Engineering

Implement quantum-safe encryption for data at rest and in transit. Evaluate hybrid cryptographic approaches, key encapsulation mechanisms (KEMs), and digital signature algorithms aligned with NIST PQC standards.

ITR

Implementation & Technical Readiness

Deploy post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) across infrastructure. Maintain crypto-agility to swap algorithms without major refactoring. Integrate with DevSecOps pipelines for continuous validation.

Maturity Scoring System

Basic (1.0-1.5)
Developing (1.6-2.5)
Established (2.6-3.5)
Advanced (3.6-4.5)
Optimizing (4.6-5.0)
Learn More
View on GitHub

QRAMM Resources

Tools and templates to help you implement QRAMM in your organization

QRAMM Assessment Toolkit

Excel toolkit with automated scoring, dimension breakdowns, and practice-level heatmaps for conducting QRAMM assessments

Download toolkit

Implementation Resources

Comprehensive guides, compliance templates, and documentation for implementing QRAMM in your organization

View resources

GitHub Repository

Full QRAMM framework documentation, open source tools, and community resources maintained by CSNP

View on GitHub

Ways to Support Our Mission

Choose the support option that best aligns with your interests and capabilities

Financial Support

Donate to fund our mission of providing free cybersecurity education to everyone.

  • One-time Donation
  • Corporate Giving
Learn more

Corporate Partnerships

Partner with us to boost your ESR efforts and support cybersecurity education.

  • Sponsorship Opportunities
  • Strategic Partnerships
Learn more

In-Kind Support

Contribute tools, software, or services to support our educational programs.

  • Software Donations
  • Service Donations
Learn more
Learn about our mission