CAMM related

Projects and Activities

Migration to Post-Quantum Cryptography project (NIST NCCoE)

The National Cybersecurity Center of Excellence (NCCoE) is collaborating with stakeholders in the public and private sectors to bring awareness to the challenges involved in migrating from the current set of public-key cryptographic algorithms to quantum-resistant algorithms.

Project website and preliminary draft

PKI maturity model (PKIMM)

A maturity model with a focus on public key infrastructures. In our best estimation, this initiative will have to deal with PQC migration issues in the not too distant future.

Model website and Working Group Charter

Tools

Tools for (Automated) Cryptographic Inventories (cf. CAMM requirement 1.4).

Although for the first tool, PQC algorithms are not yet tested here, this tool could be used as a starting point for a tool that helps to build a cryptography inventory

• Testing TLS/SSL encryption
• InfoSec Global: AgileSec™ Analytics
• Entrust: AgileScan Analytics
• SandBoxAQ: AQtive Guard: Discover
• Santander Security Research: Cryptoinventory Data Model PoC
• Open Source Detection Tool by our group. See related publication On Criteria and Tooling for Cryptographic Inventories. https://doi.org/10.18420/sicherheit2024_003

Publications

• Nähter et al. „Migrating Software Systems Toward Post-Quantum Cryptography–A Systematic Literature Review“ (2024)
• Nähter et al. „Toward a Common Understanding of Cryptographic Agility–A Systematic Review“ (2025) (PrePrint)
• Varner et al. „Agile, post-quantum secure cryptography in avionics“ (2025)

Updated: 22.05.2025