|
+CRY-01.03AC |
1. ÜbersichtCRY-01.03ACThe PQC strategy, including the inventory and risk assessment, is reviewed at least annually or in case of significant changes impacting the PQC strategy.Recommendations for the migration to PQC and future-proof use of cryptography are provided, for example, in: 1. The BSI guideline 'Quantum-safe cryptography – fundamentals, current developments and recommendations'; 2. The roadmap 'A Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography' published by the European Commission; and 3. The preliminary drafts for the NIST publication 'NIST SP 1800-38: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography'. The risk assessment as part of the Post-Quantum-Cryptography strategy should consider: 1. The threat landscape posed by advancements in quantum computing; 2. Advancements in cryptographic mechanisms that are deemed secure against attackers in possession of a quantum computer; 3. Vulnerabilities inherent to the cryptographic mechanism; and 4. Vulnerabilities resulting from how cryptographic mechanisms are deployed (e.g. keys which are in use for an extended period of time and the data protected by those keys could already be harvested today and decrypted at a later date).
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|