Towards a maturity model for crypto-agility assessment


Crypto-agility promises agile replacement of cryptographic building blocks and therewith supports context-aware and long-term security. To assess and evolve the degree of crypto-agility of one’s IT system, a commonly agreed model is helpful, but, to the best of our knowledge, does not exist. This work proposes the Crypto-Agility Maturity Model (CAMM), a maturity model for determining the state of crypto-agility of a given software or IT landscape. CAMM consists of five levels, for each level a set of requirements have been formulated based on literature review. Initial feedback from field experts confirms that CAMM has a well-designed structure and is easy to comprehend. Based on our model, the cryptographic agility of an IT landscape can be systematically measured and improved step by step. We expect that this will enable companies and institutions to respond better and faster to threats resulting from broken cryptographic schemes. This work serves to promote CAMM and encourage others to apply it in practice and further develop it jointly.

Foundations and Practice of Security. FPS 2022. Lecture Notes in Computer Science, vol 13877. Springer, Cham