Data & Asset Sensitivity Assessment
Classify your data assets, map compliance obligations across GDPR, HIPAA, NIS2, and CNSA 2.0, then generate a prioritized PQC migration list using NIST RMF, ISO 27005, FAIR, and DORA methodologies.
The threat means adversaries are collecting encrypted data today — storing it until a arrives to break it. The critical question is: which of your data is worth harvesting?
The answer depends on how sensitive the data is and how long it needs to remain confidential. You cannot prioritize your migration without first knowing what data assets you hold, how sensitive they are, and what compliance frameworks govern their protection.
“NIST SP 800-37 RMF Step 1 is ‘Prepare’ — and Step 2 is ‘Categorize’ your information systems. Data classification is not optional; it is the foundation of any risk-based approach to cryptographic migration.”
— NIST SP 800-37, Risk Management Framework
Know What You Have
Catalog every data asset, key, credential, and communication channel that uses public-key cryptography.
Know How Long It Stays
Data retained for 10+ years is already at HNDL risk if a CRQC arrives in the early 2030s.
Know Who Wants It
Nation-state adversaries prioritize long-retained, high-sensitivity data: defense, financial, healthcare.
Check off all sections and mark this reading done.