Simplifying Cryptographic Discovery, Inventory, and Risk Assessment for the Federal Government and Commercial Enterprise
This FAQ section provides comprehensive answers to common questions about TYCHON Quantum Readiness, its compliance with federal mandates, and how it helps organizations prepare for the post-quantum cryptography era.
OMB Memorandum M-23-02 "Migrating to Post-Quantum Cryptography" directs federal agencies to 1) maintain annual inventories of quantum vulnerable cryptographic algorithms and 2) engage with NIST to coordinate efforts. In response to this memorandum, NIST issued the NIST 1800-38 series on Cryptographic Discovery and Interoperability Testing with practical guidance and specific reporting requirements.
Established a timeline for supporting TLS 1.3 and identifying product categories for PQC capable tools.
Federal Register: Improving the Nation's Cybersecurity →Requires federal agencies to prepare for the post-quantum era by evaluating and transitioning to quantum-resistant cryptography.
View legislation on Congress.gov →Directs specific actions for agencies to begin to migrate vulnerable computer systems to quantum resistant information systems. Each agency is responsible for discovering, documenting, and maintaining a comprehensive inventory of devices and applications vulnerable to decryption by quantum computers.
White House briefing on NSM 10 →Directed agencies to inventory cryptographic systems annually and laid out concrete steps toward being quantum ready.
Read the full memorandum (PDF) →While government mandates and requirements target federal agencies, all enterprises with sensitive information are vulnerable. Organizations that are serious about protecting their data must start planning for post-quantum cryptography, and the first step is to understand what standards are currently in place.
TYCHON Quantum Readiness can help all organizations—federal and commercial—to easily generate a comprehensive inventory of cryptographic systems and identify weak ciphers and vulnerabilities.
TYCHON Quantum Readiness is designed to comprehensively address federal cryptographic inventory and assessment requirements. We've done the homework to make it easy for federal buyers to justify the purchase of TYCHON Quantum Readiness.
✓ OMB M-23-02 Compliance
✓ NIST 1800-38B Alignment
✓ NSM 10 Requirements
✓ CISA Cybersecurity Guidance
TYCHON Quantum Readiness is a discovery and risk classification solution based on the fast-moving and daunting cryptographic space. We parse the complexity of algorithms and their implementations into discrete components, analyzing each step in the process, pinpointing the most urgent risks.
Network-only monitoring solutions cannot effectively track enterprise-wide operations because they do not detect cryptographic operations that occur locally on endpoints. Without endpoint visibility, organizations only see encrypted data traversing the network, missing crucial information about the encryption process and implementation.
Critical Insight:
On-device discovery captures both cryptography in use, and just as important: cryptography available for use. Bad ciphers must be found and removed from the system. Once they are used on the network, it is often too late to stop the negative impact.
Yes. TYCHON's lightweight endpoint scripts deliver network-based information, but also continuous visibility regardless of location, ensuring that organizations maintain oversight of their cryptographic assets and operations.
| Category | Dataset | Description |
|---|---|---|
| General | Host OS Info | Device Guard, Trusted Platform Module (TPM), UEFI Settings |
| Quantum Readiness | PQC Client TLS Protocols Data | Protocols Used to Originate a Client Session |
| PQC Discovered Cipher | Method to Transform Plaintext to Cipher Text | |
| PQC Listening Port Certificate | Attributes of Application Certificates | |
| PQC System Certificates | Certificates Used to Verify Secure Connections | |
| Network Data | Network PQC Discovered Ciphers | TLS Cipher Data in Network Packets |
| Non-TLS Protocol Discovery | Protocols such as SSH, S/MIME and VPNs | |
| Network PQC Listening Port Certificate | Certificate Data in Network Packets |
TYCHON Quantum Readiness includes pre-built dashboards for inventory and risk assessment for Splunk and Elastic integrations.
TYCHON Quantum Readiness can be paired with TYCHON Enterprise or other systems management tools like Microsoft Intune and BigFix to perform remediation and migration to quantum-resistant algorithms.
Yes. TYCHON Quantum Readiness integrates seamlessly with both Splunk and Elastic platforms.
Pre-built dashboard content packs are available for both platforms. Note that you need to bring your own license (BYOL) for these platforms.
Yes. TYCHON supports a wide range of enterprise platforms including:
Yes. TYCHON offers integrations with companies like SafeLogic and Qrypt to provide end-to-end cryptographic solutions.
Yes. TYCHON offers pilot programs and proof of concept deployments for organizations interested in evaluating Quantum Readiness capabilities. Contact us to learn more.
Yes. TYCHON Quantum Readiness is available through Carahsoft, our government contracting partner.
View Government Contract Vehicles →TYCHON is continuously enhancing Quantum Readiness capabilities, including the forthcoming consolidated binary and additional features to streamline cryptographic discovery and risk assessment. Contact us to discuss upcoming features and roadmap details.
Our team is here to help you understand how TYCHON Quantum Readiness can meet your organization's cryptographic inventory and risk assessment needs.