Quantinus — Post-Quantum Security Platform
Post-Quantum Readiness Platform

Know your quantum exposure
Fix it before it matters.

Quantinus gives you a complete cryptographic inventory — agent-deployed, live scan, or imported from your existing tools. Every finding scored, every remediation assigned, every deadline tracked.

NIST PQC OMB M-23-02 NSA CNSA 2.0 EU NIS2 CCCS PIPEDA GDPR
Request early access See how it works

No professional services. No implementation team. No consulting fees. Results in minutes.

2024
NIST PQC Standards Ratified
ML-KEM, ML-DSA, SLH-DSA
2026
NSA CNSA 2.0 Transition
Active — new systems must comply now
2027
EU CRA/NIS2 Enforcement
265 days — enforcement active
2030
OMB M-23-02 Deadline
Federal agencies fully migrated
2035
RSA/ECC End of Life
Classical crypto deprecated
How it works

From first scan to full remediation — end to end.

01 — LIVE SCAN
Public domains. 30 seconds. No setup.
Point Quantinus at any public-facing domain. Get a full TLS cryptographic risk assessment instantly. No agent. No signup required.
Best for: first assessment, vendor risk, executive demos.
02 — AGENT DEPLOY
Full internal coverage. Hours, not weeks.
Deploy the lightweight Quantinus agent across your environment. No traffic interception. No sensitive data leaves your perimeter. SSH, KMS, Vault, databases, code — everything.
Video walkthroughs + AI support included. Most teams scanning within hours.
03 — IMPORT DATA
Already have existing security tools? Use them.
Connect your existing security tools and import your cryptographic inventory in minutes. Your existing data, instantly PQC-scored. No new agent required for environments you already scan.
Connect your existing security tools — no new agent required for environments you already scan.
04 — CLASSIFY
Quantum risk scoring. Every framework.
Every asset scored against NIST PQC benchmarks. Compliance status calculated automatically against every applicable regulatory framework — no manual mapping required.
05 — REPORT
Audit-ready reports. One click.
PCI DSS, HIPAA, FedRAMP, ISO 27001, EU NIS2, CCCS PQC — formatted for your auditor, your board, or your regulator. What used to take weeks takes seconds.
06 — MIGRATE
Prioritized roadmap to post-quantum.
Risk-ranked remediation tasks with effort estimates, owner assignments, and dependency mapping. Step-by-step migration to ML-KEM-768, ML-DSA, and SLH-DSA.
07 — ASSIGN & TRACK
Findings become tickets. Automatically.
Every finding auto-generates a Jira issue, GitHub ticket, or ServiceNow RITM — pre-populated with context, remediation steps, and owner assignment.
Integrates with: Jira, GitHub Issues, ServiceNow, Linear.
Platform

Everything you need to get quantum-ready

Full-spectrum asset discovery
Every cryptographic asset across every layer — network, identity, database, cloud, hardware, DevOps, email, and storage. Nothing falls through the cracks.
Executive dashboard
Board-ready reporting with risk scores, compliance status, migration progress, and deadline tracking — all in one view. Share with your CISO or board in one click.
Multi-framework compliance
Compliance status tracked simultaneously against NIST PQC, OMB M-23-02, NSA CNSA 2.0, EU NIS2, CRA, CCCS, and NSM-10. Every asset mapped to every applicable standard.
Audit-ready reports on demand
PCI DSS, HIPAA, FedRAMP, ISO 27001, EU NIS2, CCCS PQC — generated in one click. No manual compilation. No spreadsheets. Formatted for your auditor.
Cryptographic Bill of Materials
CycloneDX-format CBOM — complete inventory of every cryptographic asset. The standard your auditors and regulators are starting to require.
Privacy-first architecture
The agent never transmits private keys or plaintext secrets. Only metadata and risk signals leave your environment. Platform administrators cannot access your scan data — enforced at the database level.
Asset coverage

Every cryptographic surface. Nothing missed.

Scan with our agent, import from existing tools, or scan public endpoints instantly. However your environment is structured — we cover it.

Network & Transport
TLS/SSL certificatesSSH keysVPN/IPSecRADIUSLDAP/AD certsRDP certificatesWi-Fi WPA EnterpriseSNMP v3
Identity & Access
PKI certificatesS/MIMESAML signingOAuth tokensKerberos keysSmart card certsJWT signing keysYubiKey configs
Database & Storage
TDE keysDB connection certsBackup encryptionColumn encryptionStorage array keysTape encryptionMySQL/PostgreSQL SSLOracle wallet keys
Cloud & KMS
AWS KMSAzure Key VaultGCP Cloud KMSHashiCorp VaultCyberArkCloud HSMS3 encryption keys
Hardware
HSM modulesTPM keysCode signing certsFirmware signingCrypto librariesOpenSSL versionsBoringSSL
DevOps & CI/CD
Kubernetes secretsDocker image signingGit signing keysTerraform encryptionAnsible vaultCI/CD secretsAPI signing keys
Email & Messaging
DKIM signingPGP/GPG keysEmail gateway certsSecure messagingMail server TLS
Backup & Recovery
Veeam encryptionVeritas keysCommvault certsBackup agent keysDR site certsSnapshot encryption

Don't see something? Tell us what you need — we add coverage based on customer environments.

Risk classification

Three levels of quantum exposure

Critical
Immediate action required
Assets using RSA-2048 or lower, ECDH/ECDSA on NIST P-256/P-384, or DH key exchange — broken by a cryptographically relevant quantum computer.
RSA-2048ECDH P-256DH-2048DSA
High
Plan migration now
Larger key sizes that provide more runway but are still vulnerable. Systems with long data-sensitivity windows need early planning.
RSA-4096ECDSA P-521AES-128
Monitor
Track and plan
Symmetric algorithms and larger hash functions that are quantum-resistant with doubled key sizes. Monitor for new guidance.
AES-256SHA-384SHA-512
Regulatory deadlines

The deadlines are real. The penalties are real.

OMB M-23-02
US Office of Management and Budget quantum-readiness mandate
Federal deadline: January 1, 2030
NSA CNSA 2.0
Commercial National Security Algorithm Suite 2.0
Active — new systems must comply now
EU NIS2
EU Network and Information Security Directive 2
Enforcement: Active — 265 days to CRA
EU CRA
EU Cyber Resilience Act — cryptographic requirements
In force: January 1, 2027
CCCS PQC
Canadian Centre for Cyber Security — PQC guidance
Active — Canadian federal & financial
NSM-10
US National Security Memorandum on quantum cybersecurity
Ongoing requirements
NIST PQC
Post-Quantum Cryptography Standards — ML-KEM, ML-DSA, SLH-DSA
Ratified: 2024 — The new standard
PIPEDA
Canadian Personal Information Protection — encryption requirements
Active — Canadian organizations
Audit reports

One click. Your auditor gets exactly what they need.

When your PCI QSA, HIPAA auditor, or FedRAMP assessor asks for cryptographic evidence — open Quantinus, select the report, download. What used to take weeks of manual compilation takes seconds.

Universal
Cryptographic Bill of Materials (CBOM) — CycloneDX 1.6
PQC Readiness Attestation
NIST PQC Gap Analysis
Executive Risk Summary (board-ready PDF)
Financial Services
PCI DSS v4.0 Cryptography Controls
SWIFT CSP Crypto Evidence
SOC2 Cryptographic Controls
Healthcare
HIPAA Security Rule Encryption Report
HITRUST CSF Crypto Controls
Government
FedRAMP Rev 5 Crypto Controls
FISMA / NIST SP 800-53
NSA CNSA 2.0 Readiness Assessment
CCCS PQC Readiness (Canada)
Protected B Crypto Compliance
Global Compliance
ISO 27001:2022 Cryptography Annex
EU NIS2 Compliance Report
GDPR Article 32 Encryption Attestation
Output formats:
PDF JSON CycloneDX CBOM CSV
Data residency

Your data. Your region. Your rules.

Choose your data region at signup. Your data never crosses regional boundaries — ever. Configured once, enforced always.

🇨🇦
Canada
AWS ca-central-1 · Montréal
PIPEDA compliant. Ideal for Canadian financial institutions, government agencies, and organizations under CCCS guidance.
🇺🇸
United States
AWS us-east-1 · Virginia
For US federal contractors, FISMA-regulated organizations, FedRAMP-aligned deployments, and US enterprises.
🇪🇺
European Union
AWS eu-west-1 · Ireland
GDPR compliant. For EU organizations subject to NIS2 and the Cyber Resilience Act. Data never leaves the EU.
🇯🇵
Japan
AWS ap-northeast-1 · Tokyo
For Japanese financial institutions under NISC cybersecurity guidelines and FSA requirements.
🇦🇺
Australia
AWS ap-southeast-2 · Sydney
For Australian organizations under ASD Essential Eight and APRA CPS 234 cybersecurity requirements.
🇸🇬
Singapore
AWS ap-southeast-1 · Singapore
MAS TRM compliant. Hub for APAC financial institutions under MAS Technology Risk Management guidelines.
Configurable retention
30 days, 90 days, 1 year, or 3 years. Automatic deletion after your selected period.
Admin data separation
Platform administrators cannot access your scan data. Enforced at the database level — not just policy.
Data never crosses borders
Your selected region is locked at account creation. Data migration available on Enterprise plans.
Encryption everywhere
TLS 1.3 in transit. AES-256-GCM at rest. The same standards we help you achieve.
Pricing

Built for the size of your environment.

Four tiers, each scaled to environment size, regulatory scope, and support requirements. Pricing is custom because compliance posture, agent count, and data residency requirements vary widely. We'll quote you on the first call.

Built with input from CISO-level advisors at North American financial institutions and government agencies.

Assessment
For organizations starting their PQC assessment journey.
  • Up to 500 cryptographic assets
  • TLS + SSH surfaces
  • Live domain scanning
  • CBOM + PQC Attestation reports
  • Executive Summary PDF
  • 1 agent license
  • Canada data residency
  • 90-day data retention
  • Email support
Talk to sales →
Most popular
Compliance
For regulated enterprises needing full compliance evidence.
  • Up to 2,500 cryptographic assets
  • All surfaces — TLS, SSH, KMS, Vault, Repo, DB
  • Import from existing security tools
  • All industry audit reports — PCI, HIPAA, ISO 27001, NIS2
  • ServiceNow RITM integration
  • 5 agent licenses
  • Choice of region — CA, US, EU available now. Japan, Australia, or Singapore on request.
  • 1-year data retention
  • Priority support — 4-hour response
Talk to sales →
Enterprise
For large financial institutions, federal agencies, and global enterprises.
  • Unlimited cryptographic assets
  • All surfaces + custom connectors
  • All reports + custom templates + white-labeling
  • Custom integrations and connectors
  • Unlimited agent licenses
  • Multi-region deployment — any AWS region available on contract
  • 3-year data retention
  • 1-hour SLA · Dedicated success manager
  • Custom DPA · SOC2 evidence package
Talk to sales →
Government
Purpose-built for Canadian and US government agencies. CanadaBuys available. IRAP-eligible.
All Compliance tier features
FedRAMP Rev 5 crypto controls
FISMA / NIST SP 800-53 report
NSA CNSA 2.0 readiness assessment
CCCS PQC readiness (Canada)
Protected B crypto compliance
Canadian and US residency available now. Other regions on request.
Contact us →
CanadaBuys · IRAP-eligible
All plans include: No setup fees · No professional services · No implementation costs · New regions provisioned within 30 days of signed contract
Need implementation support? Our certified partner network can help.
Partner program

Help your clients get quantum-ready. Earn recurring revenue.

Quantinus partners deliver post-quantum cryptography readiness to enterprise clients. You bring the relationships. We bring the platform.

Referral Partner
Referral
Recurring commission · Multi-year
Refer clients, earn recurring commission for the life of the relationship. No certification required. Access to partner portal and sales materials. Ideal for consultants, advisors, and VARs.
Certified Partner
Certified
Recurring commission · Multi-year
Listed on quantinus.io/partners. Deliver services to Quantinus clients. Access to technical documentation, sandbox, and co-marketing. Ideal for MSSPs and cybersecurity consultancies.
Strategic / MSSP
Strategic
By invitation · Custom terms
For large MSSPs and national consultancies with significant enterprise client bases. Custom commercial terms, joint go-to-market, and dedicated support. Contact us to discuss.

⭐ Founding Partner Program

The first 10 partners receive an extended commission period, direct input into the product roadmap, early access to new connectors before general release, and a co-branded launch announcement.

Applications close May 31, 2026 — partners must be onboarded before our September launch to qualify for founding-tier terms. · Apply: partners@quantinus.io
Security policy

How we protect your data

Security is not a feature we add — it is the foundation we build on. We practice what we scan.

Data minimization

The agent collects only cryptographic metadata. No private keys, no plaintext secrets, and no sensitive business data ever leave your environment.

Encryption in transit and at rest

TLS 1.3 in transit and AES-256-GCM at rest. We apply the same cryptographic standards we help you achieve.

Vulnerability disclosure

Report vulnerabilities to hello@quantinus.io. We acknowledge within 24 hours and resolve critical issues within 7 days.

Access controls

Role-based access controls with full audit trails. Multi-factor authentication is required for all platform accounts.

Admin data separation

Platform administrators cannot access your scan data, findings, or reports. Enforced at the database level with row-level security. No exceptions.

Our own PQ readiness

We are actively migrating our own infrastructure to post-quantum standards — the same ones we help our customers achieve.

Ready to know your
quantum exposure?

Join the early access program. We are onboarding enterprise teams now — ahead of our September 2026 public launch.
Scan your first domain in 30 seconds. Full environment coverage in hours.

Or email us at hello@quantinus.io

By submitting you agree to our Privacy Policy and Terms of Service.