Phase 1 — Discovery
Cryptographic Assessment
Comprehensive inventory and risk-based prioritization of all cryptographic assets across your organization, following Mosca's Theorem for threat timeline analysis.

| Priority | Asset Name | Domain | Current Algorithm | Risk Level | Status |
|---|---|---|---|---|---|
| P1 | Production PostgreSQL Cluster | Data at Rest | AES-256-CBC | High | pending |
| P3 | S3 Backup Archives | Data at Rest | AES-256-GCM | Medium | pending |
| P1 | Primary TLS Load Balancer | Data in Transit | ECDHE-RSA-AES256 | Critical | in-progress |
| P2 | Internal API Gateway | Data in Transit | TLS 1.2 RSA | High | in-progress |
| P1 | VPN Concentrator (IKEv2) | Data in Transit | RSA-2048 | Critical | pending |
| P1 | Corporate PKI Root CA | Authentication | RSA-4096 SHA-256 | Critical | planning |
| P2 | SAML Federation (Okta) | Authentication | RSA-2048 | High | pending |
| P2 | Code Signing Pipeline | Digital Signatures | RSA-2048 SHA-256 | High | pending |
| P3 | Document Signing Service | Digital Signatures | ECDSA P-256 | Medium | pending |
| P1 | Thales Luna HSM Cluster | Key Management | RSA-2048 | Critical | planning |
| P3 | AWS KMS Integration | Key Management | AES-256 | Medium | pending |
| P3 | Email Transport (SMTP TLS) | Data in Transit | TLS 1.2 RSA | Medium | pending |