Tool 05 / 05 · Leadership · v0.2.0

Executive One-Pager.

A single-page board-ready summary in three columns: the risk, the mandate, the ask.

The shortest deliverable in the section. Short enough to read in the elevator, dense enough to defend a procurement decision in the boardroom. Use it when the conversation turns to capital allocation, cyber-risk reporting, or "should we be doing something about quantum." A4 / Letter. Reviewed quarterly.

Series: Quantum · Tools
Tool: 05 of 05
Version: 0.2.0 · 2026
License: CC BY 4.0
Download (PDF): pqc-executive-one-pager.pdf
A4 / Letter, single page, three columns. Print-ready for board packs and steering-committee distribution. The PDF version is what you hand around the table; the web version below is what you cite in a Slack message.
The web version — same content as the PDF
Column 01

The risk.

  • HNDL is current, not future: Quantum computers will break RSA and elliptic-curve cryptography. The risk begins now, not when a quantum computer arrives — adversaries are exfiltrating encrypted data today for future decryption.
  • Documented in threat intelligence: Federal Reserve research (2025) documents HNDL-motivated collection in financial-services traffic. The pattern is in the public-record threat-intelligence corpus.
  • 5-year confidentiality threshold: Any data your organization must keep confidential for more than five years is effectively at risk today — most strategic business information sits in that window.
Column 02

The mandate.

  • FIPS 203/204/205 finalized: NIST published three replacement standards in August 2024 — ML-KEM for key establishment, ML-DSA and SLH-DSA for signatures. Standards stable; vendor adoption underway.
  • CNSA 2.0 — Jan 2027 preferred: NSA's algorithm suite requires NSS to prefer PQC by January 2027 and disallow classical algorithms in 2030–2031. The procurement landscape is shaped by it.
  • CISA — Jan 2026 procurement guidance: CISA issued PQC procurement guidance in January 2026. Buying new network equipment without a PQC upgrade path is now a compliance risk, not a future concern.
Column 03

The ask.

  • Approve a cryptographic inventory sprint: Scope: all internet-facing and high-trust systems. Named owner. Quarterly review cadence. The foundation of every other decision.
  • Update procurement language: Require PQC readiness criteria in all new technology contracts from 2026 forward. Use the published RFP rubric.
  • Establish a transition owner: Single accountable role reporting into the CIO/CISO line. Quarterly maturity review.
  • Defer proprietary "quantum-safe" purchases: Wait for FIPS-validated, NIST-aligned products from the existing vendor stack. Avoid bespoke replacement risk.
HOW TO USE

When to put it in front of the board.

Three predictable moments.

The one-pager is built for three predictable conversations. First: any board or steering-committee discussion that turns to cyber-risk reporting. The risk column gives the framing; the mandate column gives the deadline pressure; the ask column gives the structural posture. Second: any capital-allocation conversation where security is asking for a multi-year program. The ask column is the structure. Third: any moment a board member asks "should we be doing something about quantum" — hand them the PDF and walk them through it.

Pair it with the Executives briefing when the conversation goes deeper. The one-pager is the meeting artifact; the briefing is the appendix. Use one workbook of the Vendor RFP Rubric per critical vendor as the supporting evidence for the procurement-language ask.

Cross-references

For the deeper executive framing, see the Executives briefing. For the procurement-side companion, see the Vendor RFP Rubric. For the structured exposure analysis your auditors and counsel will cite, see the Active Research note on Post-Quantum Cryptographic Exposure.

Quantum · Tool 05 — Executive One-Pager v0.2.0 © 2026 Deretti Cyber Labs · CC BY 4.0 05 / 05