5. PQCavailabiIity

1. Which symmetric algorithms are in use (e.g., AES-256, ChaCha20)?

2. Which asymmetric algorithms are in use (e.g., RSA, ECC)? Can you provide use cases for them?

3. Are legacy or weak algorithms (e.g., MD5, DES, SHA1, RC4) still used anywhere? Can you provide use cases?

4. Are you using digital signatures in other applications, and what algorithms support them?

5. Are hash functions like the SHA-2 or SHA-3 implemented uniformly?

6. Can your systems easily swap out cryptographic algorithms without significant reengineering?

7. How often do you perform cryptographic upgrades or rotations?

8. Has your organization identified which PQC-ready products, libraries, or vendor solutions are already available in your environment?

9. Do your vendors and suppliers provide clear PQC/hybrid readiness roadmaps, and are they aligned with NIST/EU standards?

10. Have you conducted pilot projects or proofs-of-concept with PQC or hybrid implementations in real systems (e.g., TLS, VPNs, PKI)?

11. Do your systems (servers, endpoints, IoT, embedded devices) have the processing power and memory needed to run PQC algorithms at scale?

12. Do you have internal expertise and staff availability to evaluate, test, and deploy PQC implementations provided by vendors?