L3Plan — Layer 3 of the platform

Migration Roadmap & Decision Engine

Turn the inventory into a phased, auditable plan. Every action is scored on quantum risk × data sensitivity × asset type, sorted into Quick Wins, Strategic, and Transformation phases — and tagged for one-click execution by Layer 4 where applicable.

Phased planQuick winsInvestment estimateL4 CA handoffAuditable scoring model
Sample artefact
CRITICAL
3
HIGH
11
MED
24
Phase 1 — Quick Wins (0–3 mo)
  • Rotate payments cert → hybrid X.509 (CRITICAL, M, → L4)
  • Enable hybrid KEM on edge-api (HIGH, S)
  • Upgrade AES-128 keys in warehouse (MED, S)
Phase 2 — Strategic (3–12 mo)
  • Replace ECDSA-P256 in admin auth flow
  • Roll out PQC KEM across internal mTLS
  • Crypto-agility wrapper in payment SDK
Phase 3 — Transformation (12–24 mo)
  • Decommission legacy IPSEC tunnels
  • Replace HSMs that lack PQC firmware
  • Vendor & supplier PQC compliance gates

Who it's for

  • CISOs who have to defend the migration plan to the board
  • Programme managers who need to sequence work across teams
  • Architects who want a no-regret path before vendor commits
  • Anyone whose roadmap today is a slide, not a system of record

What you get

  • Phased roadmap (0–3 mo / 3–12 mo / 12–24 mo)
  • Per-action priority (CRITICAL / HIGH / MED / LOW)
  • Per-action effort band (S / M / L / XL)
  • Per-action handoff layer (→ L4 CA where relevant)
  • Quick-wins shortlist for first sprint
  • Snapshot history — see how the plan evolves

How it works

Step 1

Pull the inventory

Run on the L2 inventory you already have. No re-import, no second source of truth.

Step 2

Score every asset

score = risk × data classification × asset type. Explicit, auditable; we publish the model.

Step 3

Bucket and dispatch

Quick Wins surface; Strategic and Transformation flow into the programme. Actions tagged → L4 can be executed straight from the CA.

Ready to plan?