NIST FIPS 203 / 204 / 205 — Finalised August 2024

The encrypted data
your business depends on
is being collected today.

When quantum computers reach scale, that capture window becomes a decryption window. You do not get to choose when it closes.

$100B+ PKI assets at quantum risk
2030 EU / Australia quantum mandate
6 jurisdictions with hard deadlines
Request Pilot Access Book a Demo
The threat is already live

Adversaries are recording.
Not breaking. Yet.

Harvest Now, Decrypt Later attacks mean the data encrypted in 2015 is still sensitive in 2035. Every vulnerable cipher suite is a future liability. PostQ tells you what to migrate, in what order, and proves it when the audit lands.

Quantum-vulnerable Transitional / migrating Post-quantum safe
The path data travels

A single message crosses 12 cryptographic stations.

Alice's phone APP E2EE
Post-Quantum
5G Radio Cell tower nearby
Hybrid
Cloud Relay Signal / Meta / Apple
Quantum-vulnerable
5G Radio Cell tower near Bob
Hybrid
Bob's phone APP DECRYPTS
Post-Quantum

Every station is a potential attack surface. PostQ maps them all.

2030 Australia, EU
2031 UK, Canada
2034 China (≥80%)
2035 United States

6 jurisdictions. 36 months. Mandatory.

How PostQ works

From zero visibility to validated migration readiness.

Four structured phases. Full auditability at every step.

01

Discover

Automated CADI scanning identifies every cryptographic primitive, key, certificate, and algorithm across cloud, on-premises, and application code. No agent required. Output: a complete, auditable CBOM.

CBOM Generation Agentless Scan Cloud-native
02

Prioritize

Each asset is risk-scored against quantum exposure, business criticality, and migration complexity. The result is a sequenced backlog aligned to your actual threat posture, not a uniform checklist.

03

Plan

PostQ generates a structured migration roadmap with dependency mapping, timeline guidance, and NIST FIPS 203-206 alignment. Board-ready and audit-ready from day one.

04

Validate

AI-enabled red teaming and automated refactoring verify that newly deployed quantum-safe algorithms meet your compliance requirements and introduce no new vulnerabilities.

Who PostQ serves

Built for regulated infrastructure.

PostQ is deployed in environments where a misconfigured migration is not recoverable and where the regulator expects evidence.

Financial Services

Bank of England PRA expects PSQS-compliant migration roadmaps from systemically important institutions by 2026. PostQ delivers the CBOM, QBOM, and evidence package required.

DORA PCI DSS ML-KEM

Telecom

5G NR key hierarchies rely on ECDH and AES-128. PostQ maps every protocol layer from the RAN to the core, sequencing migration without service interruption.

3GPP SLH-DSA Network Slicing

Critical Infrastructure

SCADA and ICS environments contain long-lived RSA keys embedded in hardware. PostQ's agentless scanner identifies them without operational risk to OT networks.

NERC CIP ICS-CERT OT/IT

Cloud Platform Teams

Cloud KMS, certificate authorities, and API gateway TLS all require co-ordinated migration. PostQ's dependency graph prevents partial migrations that create new attack surfaces.

AWS KMS Azure Key Vault GCP HSM
Standards alignment

Built against published standards.

PostQ is built against published NIST standards and open frameworks, not proprietary scoring systems or internal benchmarks.

NIST FIPS 203 FINAL ML-KEM (CRYSTALS-Kyber): key encapsulation
NIST FIPS 204 FINAL ML-DSA (CRYSTALS-Dilithium): digital signatures
NIST FIPS 205 FINAL SLH-DSA (SPHINCS+): stateless hash-based signatures
NIST FIPS 206 IPD FN-DSA (FALCON): lattice-based signatures
CBOM / QBOM FINAL Cryptographic and quantum bill of materials frameworks
HQC SELECTED Code-based KEM alternative to ML-KEM, selected March 2025
NIST NCCoE Migration Building Block Consortium member (2025-2026) 30+ academic books and £3M+ funded research (Edinburgh Napier / Prof. Bill Buchanan OBE FRSE)

Know what is in your environment before an adversary does.

A PostQ cryptographic discovery takes hours, not months. The encrypted data your business depends on is being collected today. Start seeing it.

Request a Pilot Read the Investor Brief