Working Groups

PQC
Post-Quantum Cryptography Working Group

Preparing the PKI ecosystem for the quantum computing era through collaborative research, …

CM
Cryptographic Module Working Group

A central forum for addressing cryptographic module (CM) and hardware security module …

PKIMM
PKI Maturity Model Working Group

Building a globally recognized PKI maturity model for evaluating, planning, and comparing …

TCWG
Training and Certification Working Group

Advancing PKI knowledge and skills through structured training paths, certification …

CA
CA Working Group

A working group for discussions and information sharing among publicly trusted Certificate …

View all Working Groups →

Members

The PKI Consortium brings together leading organizations committed to trustworthy digital identities and secure communication.

341 Members 38 Independent
Browse all members →

Quick links

🤝
Join the PKI Consortium
Become part of our global network
📋
Application Process
Learn how membership works
📄
Bylaws & Governance
How decisions are made
Edit on GitHub

Working Groups PQCPQC Maturity Model (PQCMM)

Adopting the Model

A complete toolkit for organizations to evaluate the Post-Quantum Cryptography maturity of their existing supply chain and guide new procurements.

Managing Your Supply Chain Post-Quantum Risk

Organizations rely heavily on software, hardware, and services that utilize cryptography. As the threat of cryptographically relevant quantum computers (CRQC) grows, you must evaluate the readiness of your supply chain.

This is a fundamental shift in how organizations manage security. It’s the transition from a “set it and forget it” mindset to a state of perpetual readiness.

Your Toolkit

Use the resources below to build your baseline and secure your supply chain:

  • Vendor Survey Questions — Standardized questions to use in new tenders and to evaluate your current downstream supply chain.
  • Inventory and Governance — How to record vendor maturity, track risks, and manage exceptions.
  • Scoring and Evaluation — How to evaluate vendor answers, handle missing evidence, and score roadmaps.
  • Example Contract Clauses — Illustrative clauses for procurement and supply-chain contracts that reference the PQCMM (not legal advice).
  • Adoption Playbooks — Tailored strategies for small organizations, large enterprises, and regulated critical infrastructure.

Don’t wait for contract renewals. A self-assessment survey is a great starting point to gain awareness. Knowing that a critical vendor currently ranks at Level 0 might not mean immediate replacement, but it gives you the visibility needed to plan your roadmap.