PQC Migration Guide
A 7-phase migration framework aligned with NIST, NSA CNSA 2.0, CISA, and ETSI guidance.
Data Source: quantum_safe_cryptographic_software_reference_02242026.csv • Updated: 2/24/2026
Step 1: Assessment & Inventory
Est. duration: 4-8 weeksDiscover and catalog all cryptographic assets, algorithms, protocols, and dependencies across your organization. Build a Cryptographic Bill of Materials (CBOM) to understand your quantum-vulnerable attack surface.
Key Tasks
- Build cryptographic inventory
Catalog all cryptographic libraries, modules, and SDKs in use across applications and infrastructure.
- Map certificate chains and PKI dependencies
Document all X.509 certificate hierarchies, root CAs, intermediate CAs, and trust anchors.
- Identify quantum-vulnerable algorithms
Flag all RSA, ECDSA, ECDH, DH, and DSA usage. Assess key sizes and deprecation timelines per NIST IR 8547.
- Assess data retention risk (HNDL)
Identify data with long confidentiality requirements (10+ years) vulnerable to Harvest Now, Decrypt Later attacks.
- Deploy cryptographic discovery tools
Use automated scanning tools to detect cryptographic usage in CI/CD pipelines, network traffic, and stored data.
Framework Alignment
NIST IR 8547Inventory phase
CISAInventory & Risk Assessment
ETSI TR 103 619Asset Inventory
Enterprise Infrastructure Stack
Select a layer to view post-quantum cryptographic software options.
Reference Catalog
Product | Layer | Category | PQC Support | License | FIPS | |
|---|---|---|---|---|---|---|
01 Quantum IronCAP Current | Application Servers & Software | Cryptographic Libraries | Yes (NIST-aligned PQC) | Commercial | Partial | |
Adobe Acrobat Sign Current | Application Servers & Software | Digital Signature Software | No | Commercial | No | |
Adva Network Security FSP 3000 S-Flex FSP 3000 S-Flex 400G | Network | Network Encryptors | Yes (Hybrid PQC + Classical) | Commercial | Partial | |
AMD SEV-SNP (Secure Encrypted Virtualization) EPYC Genoa/Bergamo (4th Gen) | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Planned | Commercial (AMD) | No | |
Android 16 16 | Operating System | Operating Systems | Yes (Native API support) | Apache-2.0 | Partial | |
Apache HTTP Server 2.4.60+ | Application Servers & Software | Application Servers | Yes (via OpenSSL) | Apache-2.0 | No | |
Apple codesign Xcode 16.x | Application Servers & Software | Code Signing and Software Integrity | No | Commercial | No | |
Apple PQ3 / CoreCrypto iOS 26.3 | Application Servers & Software | Secure Messaging and Communication | Yes (ML-KEM ML-DSA Hybrid HPKE) | Commercial | Validated | |
Apple Safari 18.0+ | Application Servers & Software | Web Browsers | Yes (ML-KEM) | Freeware | Partial | |
AppViewX CERT+ Current | Security Stack | Certificate Lifecycle Management | Planned | Commercial | No | |
ARM Confidential Compute Architecture (CCA) ARMv9-A (Cortex-A Series) | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Planned | Commercial (ARM) | No | |
ARM Trusted Firmware (TF-A) 2.14.0 | Hardware & Secure Elements | Secure Boot and Firmware Security | No | BSD-3-Clause | No | |
Arqit Encryption Intelligence Current | Cloud | Cryptographic Agility Frameworks | Yes (Crypto Discovery and Migration) | Commercial | No | |
Atalla AT1000e AT1000e | Application Servers & Software | Payment Cryptography Systems | No | Commercial | Validated | |
Auth0 (Okta Customer Identity) Current | Security Stack | Customer Identity & Access Management (CIAM) | Planned | Commercial (SaaS) | No | |
AWS Application Load Balancer (ALB) Current | Cloud | Cloud Encryption Gateways | Yes (Hybrid ML-KEM TLS) | Commercial (AWS) | Validated | |
AWS CloudHSM Current | Cloud | Cloud Hardware Security Module (HSM) | Planned | Commercial (AWS) | Validated | |
AWS KMS Current | Cloud | Cloud Key Management Service (KMS) | Limited (Hybrid PQC TLS) | Commercial (AWS) | Validated | |
AWS KMS (Cloud Gateway) Current | Cloud | Cloud Encryption Gateways | Limited (Hybrid PQC TLS) | Commercial (AWS) | Validated | |
AWS s2n-tls 1.7.0 | Application Servers & Software | TLS/SSL Implementation Software | Yes (ML-KEM hybrid) | Apache-2.0 | No | |
AWS-LC v1.68.0 | Application Servers & Software, Security Stack | Cryptographic Libraries | Yes (ML-KEM ML-DSA) | Apache-2.0/ISC | Validated | |
Azure Dedicated HSM Current | Cloud | Cloud Hardware Security Module (HSM) | Planned | Commercial (Microsoft) | Validated | |
Azure Key Vault Current | Cloud | Cloud Key Management Service (KMS) | Planned | Commercial (Microsoft) | Validated | |
BitLocker (Windows) Windows 11 24H2 | Application Servers & Software | Disk and File Encryption Software | No | Commercial | Validated | |
BoringSSL Rolling | Application Servers & Software | TLS/SSL Implementation Software | Yes (ML-KEM) | OpenSSL/ISC | Validated | |
Botan 3.10.0 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA SLH-DSA McEliece FrodoKEM) | BSD-2 | No | |
Bouncy Castle C# .NET 2.6.2 | Application Servers & Software, Security Stack | Cryptographic Libraries | Yes (HQC ML-KEM) | MIT/Bouncy Castle License | Validated | |
Bouncy Castle Java 1.83 | Application Servers & Software, Security Stack | Cryptographic Libraries | Yes (ML-KEM ML-DSA SLH-DSA HQC) | MIT/Bouncy Castle License | Validated | |
Bouncy Castle Java LTS 2.73.9 | Application Servers & Software, Security Stack | Cryptographic Libraries | Yes (ML-DSA composite signatures) | Bouncy Castle License | Partial | |
BTQ Bitcoin Quantum Testnet | Application Servers & Software | Blockchain and Cryptocurrency Software | Yes (ML-DSA) | Open Source | No | |
Check Point Quantum R82 | Network | Network Security Software | Yes (ML-KEM Quantum-safe VPN) | Commercial | Partial | |
Ciena WaveLogic 6 Extreme WaveLogic 6 Extreme (2026) | Network | Network Encryptors | Yes (PQC + QKD hybrid) | Commercial | No | |
Cisco IOS XE PQC IOS XE 26 | Operating System | Network Security Software | Yes (Full-Stack PQC NIST Algorithms) | Commercial | Validated | |
citadel_pqcrypto Current | Application Servers & Software | Cryptographic Libraries | Yes (Kyber NTRU+) | Apache-2.0/MIT | No | |
Cloudflare CIRCL 1.6.3 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA hybrids) | Apache-2.0 | No | |
Cloudflare Edge Network Current | Cloud | Cloud Encryption Gateways | Yes (X25519MLKEM768 enabled by default) | Commercial | Partial | |
CockroachDB Encryption 25.2 | Database | Database Encryption Software | No | BSL/CockroachDB License | No | |
coreboot 24.12 | Hardware & Secure Elements | Secure Boot and Firmware Security | No | GPLv2 | No | |
Cosmian covercrypt Current | Application Servers & Software | Cryptographic Libraries | Yes (KEMAC Hybrid) | Apache-2.0 | No | |
Crypto4A QxHSMNew QxOS 5 | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Yes (ML-KEM FIPS 203 ML-DSA FIPS 204 SLH-DSA FIPS 205 LMS) | Commercial | Validated | |
Cryptomathic CKMS Current | Application Servers & Software | Payment Cryptography Systems | Planned | Commercial | No | |
Cryptosense Analyzer Current | Cloud | Cryptographic Agility Frameworks | Yes (PQC readiness) | Commercial | No | |
CRYSTALS Reference Implementations FIPS 203/204 Final | Application Servers & Software | Post-Quantum Cryptography Libraries | Yes (ML-KEM-512/768/1024 ML-DSA-44/65/87) | Public Domain | No | |
CyberArk Conjur Current | Security Stack | Secrets Management | Planned | Commercial | Partial | |
DigiCert SigningHub Current | Application Servers & Software | Digital Signature Software | Planned | Commercial | Partial | |
DigiCert Software Trust Manager Current | Application Servers & Software | Code Signing and Software Integrity | Planned | Commercial | Partial | |
DigiCert Trust Lifecycle Manager Current | Security Stack | Certificate Lifecycle Management | Yes (Hybrid PQC Certificates ML-DSA) | Commercial | Partial | |
DocuSign Current | Application Servers & Software | Digital Signature Software | No | Commercial | No | |
EJBCA 9.x | Security Stack | Certificate Lifecycle Management | Yes (via Bouncy Castle) | LGPL/Enterprise | Partial | |
Entrust KeyControl 10.4.3 | Security Stack | Key Management Systems (KMS) | Yes (ML-KEM ML-DSA SLH-DSA) | Commercial | Validated | |
Entrust nShield 13.x | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Yes (Hybrid PQC) | Commercial | Validated | |
Entrust PKI Current | Security Stack | Public Key Infrastructure (PKI) Software | Yes (Hybrid PQC via nShield) | Commercial | Validated | |
Entrust Signing Automation Current | Application Servers & Software | Digital Signature Software | Planned | Commercial | Partial | |
Envoy Proxy 1.37+ | Application Servers & Software | Application Servers | Yes (via BoringSSL) | Apache-2.0 | Partial | |
ExpressVPN Lightway Current | Network | VPN and IPsec Software | Yes (ML-KEM Hybrid via wolfSSL) | Proprietary | Partial | |
F5 BIG-IP 17.5.x | Network | Network Security Software | Yes (ML-KEM TLS Hybrid) | Commercial | Validated | |
FileVault (macOS) macOS 26.3 | Operating System | Disk and File Encryption Software | No | Commercial | Partial | |
ForgeRock Identity Cloud Current | Security Stack | Customer Identity & Access Management (CIAM) | Planned | Commercial | Partial | |
Fortanix Data Security Manager Current | Cloud | Cloud Encryption Gateways | Planned | Commercial | Validated | |
Fortinet FortiOS 7.6.5 | Operating System | Network Security Software | Yes (ML-KEM BIKE HQC Frodo IPsec PQC) | Commercial | Partial | |
Forward Edge-AI Isidore Quantum Current | Network | Network Security Software | Yes (ML-KEM AES-256 GCM) | Commercial | Validated | |
Futurex Cloud Current | Cloud | Cloud Encryption Gateways | Yes (ML-KEM ML-DSA PCI Validated) | Commercial | Partial | |
Futurex CryptoHub June 2025 FW | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Yes (PCI HSM Validated PQC) | Commercial | Partial | |
Futurex Vectera Plus Current | Application Servers & Software | Payment Cryptography Systems | Planned | Commercial | Validated | |
GlobalSign Digital Signing Service Current | Application Servers & Software | Digital Signature Software | No | Commercial | No | |
GnuPG 2.5.x | Application Servers & Software | Email Encryption Software | Yes (ML-KEM-768+X25519 Composite KEM) | GPLv3 | No | |
GnuTLS 3.8.12 | Application Servers & Software | TLS/SSL Implementation Software | Yes (ML-KEM X25519MLKEM768 ML-DSA via leancrypto) | LGPLv2.1+ | No | |
Go stdlib crypto/mlkem 1.26 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM Hybrid PQC TLS) | BSD-3-Clause | Partial | |
go-jose v4 4.1.3 | Application Servers & Software | API Security and JWT Libraries | No | Apache-2.0 | No | |
Google ALTS Current | Application Servers & Software | TLS/SSL Implementation Software | Yes (NTRU-HRSS+X25519) | Apache-2.0 | No | |
Google Chrome 131+ | Application Servers & Software | Web Browsers | Yes (ML-KEM) | Freeware | No | |
Google Cloud HSM Current | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Yes (via Cloud KMS PQC key types) | Commercial (Google) | Validated | |
Google Cloud KMS Current | Cloud | Cloud Key Management Service (KMS) | Yes (ML-KEM GA / ML-DSA Preview) | Commercial (Google) | Validated | |
Google Cloud KMS (Cloud Gateway) Current | Cloud | Cloud Encryption Gateways | Yes (ML-KEM GA / ML-DSA Preview) | Commercial (Google) | Validated | |
Google Tink 1.20.0 | Application Servers & Software, Security Stack | Cryptographic Libraries | Planned (ML-DSA SLH-DSA ML-KEM in progress) | Apache-2.0 | Partial | |
GPG Code Signing 2.5.x | Application Servers & Software | Code Signing and Software Integrity | Yes (ML-KEM-768+X25519 Composite KEM) | GPLv3 | No | |
HAProxy 3.1.x | Application Servers & Software | Application Servers | Yes (via OpenSSL/liboqs) | GPLv2/Commercial | No | |
HashiCorp Vault 1.21.2 | Security Stack | Key Management Systems (KMS) | Yes (ML-DSA SLH-DSA in Transit experimental) | BUSL-1.1/Enterprise | Partial | |
Hitachi DoMobile Ver.5 | Application Servers & Software | Remote Access and VDI Software | Yes (ML-KEM FIPS 203) | Commercial | Validated | |
HQC Algorithm N/A | Application Servers & Software | Cryptographic Libraries | Yes (HQC) | Apache-2.0 (PQClean) | No | |
IBM Guardium Key Lifecycle Manager 5.1 | Security Stack | Key Management Systems (KMS) | Planned (via Guardium Cryptography Manager) | Commercial (IBM) | Validated | |
IBM Guardium Quantum Safe Current | Security Stack | Cryptographic Discovery Platforms | Yes (Quantum-Safe Posture Management) | Commercial (IBM) | No | |
IBM Quantum Safe Toolkit Current | Application Servers & Software | Post-Quantum Cryptography Libraries | Yes (ML-KEM ML-DSA SLH-DSA Hybrid) | Commercial/Apache-2.0 | Validated | |
IBM Security Guardium Data Protection 12.x | Security Stack | Data Security & Protection | Planned | Commercial | Validated | |
ID Quantique Cerberis XGR QKD Cerberis XGR | Hardware & Secure Elements | Quantum Key Distribution Software | Yes (QKD + PQC hybrid) | Commercial | No | |
ID Quantique Quantis QRNG Quantis 2.0 (PCIe/USB) | Hardware & Secure Elements | Quantum Random Number Generator (QRNG) | Yes (Quantum entropy source for PQC) | Commercial | Validated | |
Imperva WAFNew Current | Network | Network Security Software | Planned | Commercial | No | |
Intel TDX (Trust Domain Extensions) Xeon 5th Gen (Emerald Rapids) | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Planned | Commercial (Intel) | No | |
iOS 26 / macOS 26 iOS 26.3 macOS 26.3 | Operating System | Operating Systems | Yes (PQ3 HPKE with ML-KEM ML-DSA) | Commercial | Partial | |
ISARA Radiate Current | Cloud | Cryptographic Agility Frameworks | Yes (Core focus) | Commercial | Partial | |
JFrog Artifactory Current | Application Servers & Software | CI/CD & Artifact Management | Planned | Commercial | Partial | |
jose4j 0.9.6 | Application Servers & Software | API Security and JWT Libraries | No | Apache-2.0 | No | |
jsonwebtoken (auth0) 9.0.2 | Application Servers & Software | API Security and JWT Libraries | No | MIT | No | |
Juniper Junos OS 25.4R1 | Operating System | Network Operating Systems | Yes (RFC 8784 PQC PSK ML-DSA) | Commercial | Partial | |
Keycloak 26.x | Security Stack | Identity & Access Management (IAM) | Planned | Apache-2.0 | No | |
Keyfactor AgileSec Analytics 2025 Release | Cloud, Security Stack | Cryptographic Discovery Platforms | Yes (Crypto Discovery and Agility) | Commercial | Partial | |
Keyfactor Command 24.x | Security Stack | Certificate Lifecycle Management | Yes (Hybrid PQC certificates) | Commercial | Validated | |
Keyfactor EJBCA Enterprise 9.x | Security Stack | Public Key Infrastructure (PKI) Software | Yes | Commercial | Validated | |
Kong API Gateway 3.9.x | Application Servers & Software | API Security and JWT Libraries | Planned (Gateway API proposals) | Apache-2.0/Commercial | No | |
leancrypto Current | Application Servers & Software | Cryptographic Libraries | Yes (SHA-3 SHAKE Ascon HQC) | GPL-2.0+/BSD/Leancrypto | Partial | |
liboqs 0.15.0 | Application Servers & Software, Security Stack | Post-Quantum Cryptography Libraries | Yes (ML-KEM ML-DSA SLH-DSA BIKE HQC FrodoKEM Classic McEliece NTRU) | MIT (mixed) | No | |
liboqs-rust (oqs crate) 0.11.0 | Application Servers & Software | Cryptographic Libraries | Yes (All liboqs algorithms) | Apache-2.0/MIT | No | |
LibreSSL 4.2.1 | Application Servers & Software | TLS/SSL Implementation Software | Yes (ML-KEM 768/1024 imported from BoringSSL - not yet public API) | OpenBSD/ISC | No | |
Linux IMA/EVM 6.13 | Hardware & Secure Elements | Secure Boot and Firmware Security | No | GPLv2 | No | |
LUKS/dm-crypt 2.7.5 | Application Servers & Software | Disk and File Encryption Software | No | GPLv2+ | No | |
Marvell LiquidSecurity 2 LiquidSecurity 2 | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Planned | Commercial | Validated | |
Microsoft AD CS Windows Server 2025 | Security Stack | Public Key Infrastructure (PKI) Software | Planned | Commercial | Partial | |
Microsoft Edge 131+ | Application Servers & Software | Web Browsers | Yes (ML-KEM) | Freeware | No | |
Microsoft Outlook S/MIME Microsoft 365 | Application Servers & Software | Email Encryption Software | Planned | Commercial | Partial | |
Microsoft SignTool Windows SDK | Application Servers & Software | Code Signing and Software Integrity | Planned | Commercial | Partial | |
Microsoft SymCrypt v103.9.1 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA XMSS LMS) | Commercial | Partial | |
mlkem-native 1.0.0 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM) | Apache-2.0/MIT/ISC | No | |
MongoDB Queryable Encryption 8.0 | Database | Database Encryption Software | No | SSPL/Commercial | No | |
Mozilla Firefox 132+ | Application Servers & Software | Web Browsers | Yes (ML-KEM) | MPLv2 | No | |
Mullvad VPN App 2025.14 | Network | VPN and IPsec Software | Yes (WireGuard PQC) | GPLv3 | Partial | |
MySQL Enterprise Encryption 9.2 | Database | Database Encryption Software | No | Commercial/GPLv2 | No | |
Nginx 1.28.x (stable) / 1.29.x (mainline) | Application Servers & Software | Application Servers | Yes (via OpenSSL/BoringSSL) | 2-clause BSD | No | |
Nimbus JOSE+JWT 10.x | Application Servers & Software | API Security and JWT Libraries | No | Apache-2.0 | No | |
Node.js 22.x LTS | Application Servers & Software | Application Servers | No (Awaiting OpenSSL upgrade) | MIT | No | |
Notary Project 1.2.x | Application Servers & Software | Code Signing and Software Integrity | No | Apache-2.0 | No | |
Nvidia cuPQC Current | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA Optimized) | Nvidia License | No | |
Okta Integration Network Current | Application Servers & Software | API Security and JWT Libraries | Planned | Commercial (SaaS) | Partial | |
Okta Workforce Identity Current | Security Stack | Identity & Access Management (IAM) | Planned | Commercial (SaaS) | Partial | |
OpenSSH 10.2p1 | Application Servers & Software | SSH Implementation Software | Yes (mlkem768x25519-sha256 default) | BSD | No | |
OpenSSL 3.6.1 | Application Servers & Software, Security Stack | Cryptographic Libraries | Yes (ML-KEM ML-DSA SLH-DSA in v3.5+) | Apache-2.0 | Validated | |
oqs-provider 0.11.0 | Application Servers & Software | Post-Quantum Cryptography Libraries | Yes (All liboqs algorithms) | MIT | No | |
Oracle Key Vault 21.13 | Security Stack | Key Management Systems (KMS) | No (Planned via Oracle ecosystem) | Commercial (Oracle) | Partial | |
Oracle TDE 23ai | Database | Database Encryption Software | No | Commercial | Validated | |
Palo Alto PAN-OS 12.1 Orion | Network | Network Security Software | Yes (ML-KEM ML-DSA Cipher Proxy) | Commercial | Partial | |
Ping Identity PingFederate 12.x | Security Stack | Identity & Access Management (IAM) | Planned | Commercial | Validated | |
PostgreSQL pgcrypto 17.2 | Database | Database Encryption Software | No | PostgreSQL License | No | |
PQClean Current | Application Servers & Software | Post-Quantum Cryptography Libraries | Yes (ML-KEM ML-DSA SLH-DSA HQC Falcon) | Public Domain/CC0 | No | |
pqcrypto 0.18.1 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA SLH-DSA + Pre-Standard) | Apache-2.0/MIT | No | |
pqm4 Current | Application Servers & Software | Cryptographic Libraries | Yes (NIST PQC Suite) | Apache-2.0/MIT/CC0 | No | |
PQShield PQSDK Current | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA Falcon) | Commercial | Validated | |
Project Eleven Solana PQC Testnet | Application Servers & Software | Blockchain and Cryptocurrency Software | Yes (ML-DSA) | Open Source | No | |
Proton Mail 4.x | Application Servers & Software | Email Encryption Software | Yes (Kyber/ML-KEM Hybrid) | Open Source (Server proprietary) | No | |
Quantinuum Quantum Origin Current | Hardware & Secure Elements | Quantum Random Number Generator (QRNG) | Yes (Quantum entropy for PQC keys) | Commercial (SaaS) | No | |
Quantum Bridge Subsea QKD Current | Hardware & Secure Elements | Quantum Key Distribution Software | Yes (QKD + PQC hybrid) | Commercial | No | |
QuintessenceLabs qStream qStream 200 | Hardware & Secure Elements | Quantum Random Number Generator (QRNG) | Yes (Quantum entropy source) | Commercial | Partial | |
QuSecure QuProtect R3 R3 | Cloud | Cryptographic Agility Frameworks | Yes (Crypto-Agility Platform) | Commercial | No | |
RustCrypto ml-dsa 0.0.4 | Application Servers & Software | Cryptographic Libraries | Yes (ML-DSA) | Apache-2.0/MIT | No | |
RustCrypto ml-kem 0.3.0 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM) | Apache-2.0/MIT | No | |
RustCrypto slh-dsa 0.1.0 | Application Servers & Software | Cryptographic Libraries | Yes (SLH-DSA) | Apache-2.0/MIT | No | |
rustls 0.23.36 | Application Servers & Software | TLS/SSL Implementation Software | Yes (via aws-lc-rs) | Apache-2.0/MIT | No | |
SafeLogic CryptoComply Go v4.0 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA SLH-DSA Hybrid) | Commercial | Validated | |
Samsung S3SSE2A eSE S3SSE2A | Hardware & Secure Elements | Hardware Security and Semiconductors | Yes (ML-KEM Hardware Accelerated) | Commercial | No | |
SandboxAQ AQtive Guard Current | Cloud, Security Stack | Cryptographic Discovery Platforms | Yes (Cryptographic Discovery and Migration) | Commercial | No | |
SandboxAQ Sandwich 0.3.0+ | Application Servers & Software | Cryptographic Libraries | Yes (Agile API liboqs backend) | AGPL-3.0 | No | |
SAP Cryptographic Library 8.6 | Application Servers & Software | Cryptographic Libraries | Yes (ML-KEM ML-DSA) | Commercial | Validated | |
SEALSQ Quantum Shield QS7001 | Hardware & Secure Elements | Hardware Security and Semiconductors | Yes (Post-Quantum Trust Anchors) | Commercial | No | |
Sectigo Certificate Manager Current | Security Stack | Certificate Lifecycle Management | Planned | Commercial | Partial | |
Securosys CloudHSMNew Current | Cloud | Cloud Hardware Security Module (HSM) | Yes (ML-KEM ML-DSA SLH-DSA HSS-LMS XMSS) | Commercial | Validated | |
Securosys Primus HSM Current | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Yes (ML-KEM ML-DSA SLH-DSA HSS-LMS XMSS) | Commercial | Validated | |
Senetas CN7000 Series CN7000 Series (2025) | Network | Network Encryptors | Yes (All NIST PQC algorithms) | Commercial | Partial | |
Signal v0.87.4 | Application Servers & Software | Secure Messaging and Communication | Yes (PQXDH + PQ-enhanced Double Ratchet) | GPLv3 | No | |
SignServer 6.x | Application Servers & Software | Digital Signature Software | Yes (via modules) | LGPL/Commercial | Partial | |
sigstore/cosign 2.4.x | Application Servers & Software | Code Signing and Software Integrity | Planned | Apache-2.0 | No | |
smallstep Certificate Authority 0.28.x | Security Stack | Public Key Infrastructure (PKI) Software | Limited | Apache-2.0 | No | |
Sonatype Nexus Current | Application Servers & Software | CI/CD & Artifact Management | Planned | Commercial | No | |
Spring Security OAuth2 6.4.4 | Application Servers & Software | API Security and JWT Libraries | Planned | Apache-2.0 | No | |
SQL Server TDE/Always Encrypted SQL Server 2022 | Database | Database Encryption Software | No | Commercial | Validated | |
SSLyze 6.x | Network | Cryptographic Protocol Analyzers | Yes (detection) | AGPLv3 | No | |
strongSwan 6.0.0 | Network | VPN and IPsec Software | Yes (ML-KEM experimental) | GPLv2 | Partial | |
testssl.sh 3.0.x | Network | Cryptographic Protocol Analyzers | Yes (detection) | GPLv2 | No | |
Thales CipherTrust Data Security Platform 2.x | Security Stack | Data Security & Protection | Yes (ML-KEM ML-DSA via Luna HSM) | Commercial | Validated | |
Thales CipherTrust Manager 7.x | Cloud | Cloud Encryption Gateways | Yes (ML-KEM ML-DSA via Luna HSM) | Commercial | Validated | |
Thales High Speed Encryptor (HSE) HSE Firmware PQC Release (Mar 2025) | Network | Network Encryptors | Yes (ML-KEM ML-DSA SLH-DSA) | Commercial | Validated | |
Thales Luna Cloud HSM (DPoD) 7.x | Cloud | Cloud Hardware Security Module (HSM) | No (PQC roadmap pending) | Commercial | Validated | |
Thales Luna HSM 7.9.1 | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Yes (ML-KEM FIPS 203 ML-DSA FIPS 204) | Commercial | Validated | |
Thales payShield 10K payShield 10K | Application Servers & Software | Payment Cryptography Systems | Planned | Commercial | Validated | |
Thunderbird + OpenPGP 128.x | Application Servers & Software | Email Encryption Software | No | MPL-2.0 | No | |
Toshiba QKD System Multiplexed QKD v2 | Hardware & Secure Elements | Quantum Key Distribution Software | Yes (QKD + PQC hybrid) | Commercial | No | |
Tuta Mail Current | Application Servers & Software | Secure Messaging and Communication | Yes (TutaCrypt Hybrid ML-KEM) | GPLv3 | Partial | |
U-Boot 2026.01 | Hardware & Secure Elements | Secure Boot and Firmware Security | No | GPLv2+ | No | |
UEFI Forum Secure Boot UEFI 2.10 | Hardware & Secure Elements | Secure Boot and Firmware Security | Planned | Industry Standard | No | |
Utimaco Athos 5.x | Application Servers & Software | Payment Cryptography Systems | Planned | Commercial | Validated | |
Utimaco ESKM 8.54 | Security Stack | Key Management Systems (KMS) | Yes (ML-KEM ML-DSA LMS XMSS) | Commercial | Validated | |
Utimaco SecurityServer 5.x | Hardware & Secure Elements | Hardware Security Module (HSM) Software | Yes (PQC roadmap) | Commercial | Validated | |
Venafi 24.1+ | Security Stack | Public Key Infrastructure (PKI) Software | Yes (Experimental ML-DSA and SLH-DSA) | Commercial | No | |
Venafi TLS Protect 24.1+ | Security Stack | Certificate Lifecycle Management | Yes (Experimental ML-DSA SLH-DSA) | Commercial | No | |
Venafi Trust Protection Platform Current | Security Stack | Public Key Infrastructure (PKI) Software | Yes (Crypto agility) | Commercial | Partial | |
VeraCrypt 1.26.24 | Application Servers & Software | Disk and File Encryption Software | No | Apache-2.0 | No | |
Virtru Data Protection Current | Security Stack | Data Security & Protection | Planned | Commercial | No | |
Windows Secure Boot Windows 11 24H2 | Hardware & Secure Elements | Secure Boot and Firmware Security | Planned | Commercial | Partial | |
Windows Server 2025 Nov 2025 Update | Operating System | Operating Systems | Yes (ML-KEM ML-DSA in CNG) | Commercial | Partial | |
wolfBoot 2.7.0 | Hardware & Secure Elements | Secure Boot and Firmware Security | Yes (ML-DSA) | GPLv3/Commercial | Validated | |
wolfSSH 1.4.22 | Application Servers & Software | SSH Implementation Software | Yes (Kyber Ed25519) | GPLv3/Commercial | No | |
wolfSSL 5.8.4 | Application Servers & Software, Security Stack | TLS/SSL Implementation Software | Yes (ML-DSA ML-KEM Kyber) | GPLv3/Commercial | Validated |