Evidence Pack Express

Signed evidence of where you stand on post-quantum migration

Regulators and boards are asking the same question: where is quantum-vulnerable cryptography in your stack, and what is the plan? An Evidence Pack answers it with a signed, verifiable artifact — produced with the TRELYAN verify-pqc toolchain and deliverable to auditors, customers, or your own change program.

Executive summary

What your cryptographic exposure is, in language a board or regulator can read.

A–F readiness grade

Recomputed from the findings at verification time — an altered grade fails signature verification.

Findings

Every discovered use of quantum-vulnerable cryptography, located and classified.

CycloneDX 1.6 CBOM

A machine-readable Cryptography Bill of Materials your tooling can consume.

Migration plan

Prioritized, sequenced steps to post-quantum readiness (FIPS 203/204/205 algorithms).

Signature + verification kit

The pack is ML-DSA-87-signed; verify it offline with the MIT @trelyan/verify-pqc toolkit.

Sign-in required. Payment settles through a hosted NOWPayments invoice (BTC, ETH, SOL, ALGO + 300 more). Card checkout is coming; for invoice/wire, contact support.

What this is — and is not

Signed, self-attested PQC migration evidence produced with the TRELYAN verify-pqc toolchain. Any alteration to the grade or findings invalidates the cryptographic signature. This is not a certification, not an audit opinion, and not a guarantee of quantum safety. It supports DORA/NIS2/CNSA 2.0 preparation but does not constitute legal, regulatory, or compliance advice — consult your compliance officer.