Table of Contents
Fetching ...

Towards a maturity model for crypto-agility assessment

Julian Hohm, Andreas Heinemann, Alexander Wiesmaier

TL;DR

CAMM addresses the need to quantify and improve crypto-agility amid PQC developments. It introduces a fixed-level maturity framework with five levels ($0$–$4$) and literature-derived requirements, mapped into Knowledge, Process, and System properties to guide assessment. The main contributions are the level definitions, the requirement taxonomy, and the accompanying dissemination site and preliminary evaluation. Practically, CAMM enables systematic measurement, planning, and staged enhancement of crypto-agility across software and IT landscapes.

Abstract

This work proposes the Crypto-Agility Maturity Model (CAMM for short), a maturity model for determining the state of crypto-agility of a given software or IT landscape. CAMM consists of five levels, for each level a set of requirements have been formulated based on literature review. Initial feedback from field experts confirms that CAMM has a well-designed structure and is easy to comprehend. Based on our model, the crytographic agility of an IT landscape can be systematically measured and improved step by step. We expect that this will enable companies and to respond better and faster to threats resulting from broken cryptographic schemes. This work serves to promote CAMM and encourage others to apply it in practice and develop it jointly.

Towards a maturity model for crypto-agility assessment

TL;DR

CAMM addresses the need to quantify and improve crypto-agility amid PQC developments. It introduces a fixed-level maturity framework with five levels () and literature-derived requirements, mapped into Knowledge, Process, and System properties to guide assessment. The main contributions are the level definitions, the requirement taxonomy, and the accompanying dissemination site and preliminary evaluation. Practically, CAMM enables systematic measurement, planning, and staged enhancement of crypto-agility across software and IT landscapes.

Abstract

This work proposes the Crypto-Agility Maturity Model (CAMM for short), a maturity model for determining the state of crypto-agility of a given software or IT landscape. CAMM consists of five levels, for each level a set of requirements have been formulated based on literature review. Initial feedback from field experts confirms that CAMM has a well-designed structure and is easy to comprehend. Based on our model, the crytographic agility of an IT landscape can be systematically measured and improved step by step. We expect that this will enable companies and to respond better and faster to threats resulting from broken cryptographic schemes. This work serves to promote CAMM and encourage others to apply it in practice and develop it jointly.
Paper Structure (8 sections, 2 figures, 9 tables)

This paper contains 8 sections, 2 figures, 9 tables.

Figures (2)

  • Figure 1: Applied procedure model for developing CAMM, adapted from becker_developing_2009
  • Figure 2: CAMM -- Stage model perspective