A systematic approach to think about "how and where to start planning" to migrate quantum-vulnerable cryptography. What do you do if your CEO comes to you and says let's make our system quantum safe. ![[Pasted image 20241216144503.png]] ### Information to describe use cases 1. **Description:** A general description of the use case with details material to this analysis. 2. **Discovery / Inventory:** Analysis on how to discover instances of this use case and/or a recommendation as to what data elements should appear in a related inventory. 3. **Migration Considerations:** The key factors to be aware of when planning a migration of cryptographic algorithms, and as preparatory elements which should a priori be in place in order to be cryptographically agile. 4. **Cutover Strategy:** Direction and analysis of what is involved in actually implementing the migration. 5. **Governance:** Elements that should be in place to assist with the overall governance of the migration, preparatory work to be cryptographically agile, and post-migration monitoring. [[Crypto Agility Use Cases]] [[The Pillars of Cryptographic Discovery and Inventory - A Blueprint for Post-Quantum Security]] [[Why Cryptographic Inventory Matters]]