Compliance Roadmap

Module-Lattice Digital Signature Algorithm. The default signature suite for QuantumSecure-issued certificates.

Signing is performed by liboqs (Open Quantum Safe). FIPS 140-3 module validation of the underlying cryptographic boundary is on the roadmap.

Stateless hash-based signatures, available as an alternative algorithm for high-assurance use cases.

Available via the API and ACME finalize flow.

Automated Certificate Management Environment. Compatible with certbot and similar clients.

JWS verification and one-shot replay-nonce protection are enforced. Order/account state is persisted in PostgreSQL.

Independent attestation of security, availability, and confidentiality controls.

Not yet engaged with an auditor. We are not SOC 2 certified and will not claim to be until we hold a current report from an accredited firm.

International information-security management system (ISMS) standard.

ISMS scoping in progress. We will publish the certificate and accreditation body once issued.

Validation of the cryptographic boundary that performs PQC signing and key storage.

Requires either a validated HSM partner or independent CMVP submission. Current builds use software liboqs.

Audit framework required for inclusion in browser/OS public-trust root stores.

QuantumSecure issues certificates for private/internal PKI today. Public-trust root inclusion is not in scope until further notice.