NIST PQC Aligned Framework

Prepare Your Organization for the Quantum Era

QRAMM provides a structured, evidence-based approach to assess and improve your organization's readiness for post-quantum cryptography migration.

Take Quick Assessment Download Full Toolkit
Free & Open Source
120 Assessment Questions
Automated Compliance Mapping
Free Security Tools
Quantum Computer

Choose Your Path

Resources for Every Role

Whether you're building the business case, implementing controls, or mapping to compliance frameworks, QRAMM has you covered.

Security Leaders

Build the business case for quantum readiness with executive briefings and ROI analysis.

Explore Resources →

Security Practitioners

Get hands-on implementation guides, cryptographic inventory tools, and migration checklists.

Explore Resources →

Compliance Teams

Map QRAMM to NIST, ISO 27001, CMMC, FedRAMP, and other regulatory frameworks.

Explore Resources →

The Quantum Timeline

Why Organizations Must Act Now

Quantum computers capable of breaking current encryption are approaching. The time to prepare is now.

5-10
Years until cryptographically relevant quantum computers
3-7
Years for enterprise cryptographic migration
70%
Of organizations have no quantum readiness plan
Now
Adversaries harvesting encrypted data for future decryption

The Framework

Four Dimensions of Quantum Readiness

QRAMM provides comprehensive coverage across all aspects of cryptographic modernization.

1

Cryptographic Visibility & Inventory

CVI

Discover, catalog, and understand all cryptographic assets across your organization.

  • Cryptographic Discovery & Inventory Management
  • Vulnerability Assessment & Classification
  • Cryptographic Dependency Mapping
2

Strategic Governance & Risk Management

SGRM

Establish leadership commitment and systematic risk management for quantum threats.

  • Executive Leadership & Policy Management
  • Risk Assessment & Compliance Management
  • Third-Party & Supply Chain Risk
3

Data Protection Engineering

DPE

Implement quantum-safe data protection across all data states.

  • Data Classification & Protection Requirements
  • Storage Security & Encryption Management
  • Transit Security & Protocol Management
4

Implementation & Technical Readiness

ITR

Execute quantum-safe technology deployment with minimal business disruption.

  • Technology Infrastructure Assessment
  • Integration Planning & Implementation
  • Operational Readiness & Maintenance
Explore Full Framework →

Comprehensive Assessment Toolkit

The QRAMM Excel Toolkit provides everything you need to assess, score, and report on your organization's quantum readiness.

  • 120 Assessment Questions across 4 dimensions and 12 practices
  • Automated Scoring with weighted risk adjustments
  • Compliance Mapping to NIST, ISO 27001, CMMC, FedRAMP
  • Executive Dashboards with charts and visualizations
  • Maturity Roadmap with prioritized recommendations
Download Full Toolkit Learn More
Free Download QRAMM Toolkit Scorecard Preview

Open Source Tools

Free Tools for Quantum Readiness

Production-ready open source tools to help organizations discover, assess, and migrate their cryptographic infrastructure.

Available Now

CryptoScan

Cryptographic Discovery Scanner

Scan codebases for cryptographic vulnerabilities and quantum-risk algorithms. Supports 50+ detection patterns, multiple output formats (SARIF, CBOM, JSON), and remote Git repository scanning.

  • Detect RSA, ECDSA, AES, MD5, SHA-1, and more
  • Quantum risk classification for each finding
  • SARIF output for GitHub Security integration
  • CBOM generation for compliance
View on GitHub →
Available Now

TLS Analyzer

TLS/SSL Configuration Analysis

Analyze TLS configurations, cipher suites, and certificate chains for quantum vulnerabilities. CNSA 2.0 compliance tracking and CBOM generation.

  • CNSA 2.0 timeline assessment (2025-2035)
  • Quantum risk scoring and remediation guidance
  • Text, JSON, SARIF, HTML, and CBOM output formats
  • Policy-based scanning with custom YAML configs
View on GitHub →
Available Now

CryptoDeps

Dependency Crypto Analyzer

Analyze dependencies for cryptographic usage. Identify quantum-vulnerable algorithms in your npm, pip, Go, and Maven packages.

  • Scan Go, npm, Python, and Maven dependencies
  • Quantum risk classification (VULNERABLE, PARTIAL, SAFE)
  • CycloneDX CBOM and SARIF output
  • GitHub repository scanning
View on GitHub →
Available Now

PQC-Bench

PQC Recommendation Engine

"What post-quantum crypto should I use?" Get natural language recommendations for NIST algorithms with sector-specific guidance and SNDL threat assessment.

  • Natural language algorithm queries
  • 7 critical infrastructure sector guides
  • SNDL threat assessment
  • Library production-readiness checks
View on GitHub →
View All Tools on GitHub

Resource Library

Guides, Templates & Tools

Download practical resources to accelerate your quantum readiness journey.

Excel

QRAMM Assessment Toolkit

Complete assessment workbook with automated scoring and compliance mapping.

342 KB Excel (.xlsx)
Excel

Sample Assessment

Pre-filled example showing how a completed assessment looks with scores.

344 KB Excel (.xlsx)
PDF

Executive Brief

Board-ready summary of the quantum threat and QRAMM framework.

6 KB PDF (.pdf)
View All Resources →

Developed by CSNP

QRAMM is developed and maintained by CyberSecurity NonProfit (CSNP), a 501(c)(3) organization dedicated to advancing cybersecurity education and resources.

As presented at DEF CON 33

EF
Emily Fane Author, VP of CSNP Board
AF
Abdel Fane Co-Author, Executive Director