Towards a maturity model for crypto-agility assessment
Julian Hohm, Andreas Heinemann, Alexander Wiesmaier

TL;DR
This paper introduces the Crypto-Agility Maturity Model (CAMM), a structured framework with five levels designed to assess and improve the cryptographic agility of IT environments, enabling faster response to cryptographic threats.
Contribution
The paper presents CAMM, a novel five-level maturity model for systematically evaluating and enhancing crypto-agility in software and IT landscapes, validated by expert feedback.
Findings
CAMM has a well-structured design and is easy to understand.
Initial expert feedback confirms CAMM's practical relevance.
CAMM enables systematic measurement and improvement of cryptographic agility.
Abstract
This work proposes the Crypto-Agility Maturity Model (CAMM for short), a maturity model for determining the state of crypto-agility of a given software or IT landscape. CAMM consists of five levels; for each level, a set of requirements has been formulated based on a literature review. Initial feedback from field experts confirms that CAMM has a well-designed structure and is easy to comprehend. Based on our model, the cryptographic agility of an IT landscape can be systematically measured and improved step by step. We expect that this will enable companies and to respond better and faster to threats resulting from broken cryptographic schemes. This work serves to promote CAMM and encourage others to apply it in practice and develop it jointly.
Taxonomy
Topics: Software Engineering Techniques and Practices · Software System Performance and Reliability · Information and Cyber Security
