Towards a maturity model for crypto-agility assessment
This work addresses the need for companies to systematically measure and enhance crypto-agility to respond faster to threats from broken cryptographic schemes, though it appears incremental as it builds on existing literature.
The paper tackles the problem of assessing and improving cryptographic agility in software and IT landscapes by proposing the Crypto-Agility Maturity Model (CAMM), which includes five levels with requirements based on a literature review. Initial expert feedback confirms its well-designed structure and ease of comprehension.
This work proposes the Crypto-Agility Maturity Model (CAMM for short), a maturity model for determining the state of crypto-agility of a given software or IT landscape. CAMM consists of five levels; for each level, a set of requirements has been formulated based on a literature review. Initial feedback from field experts confirms that CAMM has a well-designed structure and is easy to comprehend. Based on our model, the cryptographic agility of an IT landscape can be systematically measured and improved step by step. We expect that this will enable companies to respond better and faster to threats resulting from broken cryptographic schemes. This work serves to promote CAMM and encourage others to apply it in practice and develop it jointly.