2.1 Compliance
Regulatory conformance and audit documentation for post-quantum cryptography.
Compliance Framework

```mermaid
flowchart TB
    subgraph EU["EU Law"]
        NIS2["NIS2 Directive<br/>(EU) 2022/2555"]
        GDPR["GDPR<br/>Art. 32"]
        DORA["DORA<br/>Financial Sector"]
    end
    subgraph DE["German Law"]
        ITSIG["IT Security Act 2.0"]
        KRITIS["KRITIS Regulation"]
        BSI["BSI IT-Grundschutz"]
    end
    subgraph INT["International Standards"]
        NIST["NIST FIPS<br/>203/204"]
        FIPS["FIPS 140-3"]
    end
    WVDS[("WvdS<br/>PQ-Crypto")]
    NIS2 --> WVDS
    GDPR --> WVDS
    DORA --> WVDS
    ITSIG --> WVDS
    KRITIS --> WVDS
    BSI --> WVDS
    NIST --> WVDS
    FIPS --> WVDS
    style WVDS fill:#4caf50,color:#fff
```
Detailed Compliance Documentation
| Document | Description | Target Audience |
|---|---|---|
| BSI IT-Grundschutz | Mapping to BSI modules (CON.1, CON.5, OPS.1.1.5) | IT Security Officers |
| NIS2 Directive | EU 2022/2555 for critical infrastructure | Critical Infrastructure Operators |
| IT Security Act 2.0 | German implementation of EU requirements | Compliance Managers |
| GDPR Art. 32 | Encryption of personal data | Data Protection Officers |
| KRITIS Regulation | Sector-specific requirements | Critical Infrastructure Operators |
| Audit Checklist | Audit checkpoints for auditors | Auditors, BSI |
NIST Standards
The library implements the final NIST standards for PQ cryptography:
| Standard | Algorithm | Usage | Status |
|---|---|---|---|
| FIPS 203 [1] | ML-KEM | Key encapsulation | Final (2024) |
| FIPS 204 [2] | ML-DSA | Digital signatures | Final (2024) |
These standards are the result of the 8-year NIST Post-Quantum Cryptography Standardization Project.
Regulatory Recommendations
BSI (Germany)
The Federal Office for Information Security recommends:
ENISA (EU)
The European Agency for Cybersecurity [6] recommends:
- Immediate evaluation of PQ solutions
- Crypto agility as a design principle
- Inventory of cryptographic assets
Industry-Specific Requirements
| Industry | Relevance | Regulation | WvdS Scenario |
|---|---|---|---|
| Energy/Utilities | Critical | NIS2, KRITIS Regulation | Energy |
| Healthcare | Critical | GDPR, DiGAV | Healthcare |
| Finance | Critical | DORA, PSD2 | Finance Scenarios |
| Industry | High | NIS2, BSI | Industry |
| Automotive | High | UN R155/R156 | Automotive |
| Government | Critical | BSI TR, NIS2 | Government Scenarios |
Quick Mapping: Requirements to WvdS
| Requirement | Regulation | WvdS Component |
|---|---|---|
| Cryptography policies | NIS2 Art. 21(2)h | CryptoConfig, Algorithms |
| State of the art | GDPR Art. 32 | ML-DSA/ML-KEM (NIST 2024) |
| Crypto concept | BSI CON.1 | Concepts |
| Key management | BSI CON.5 | KeyDerivation |
| Logging | BSI OPS.1.1.5 | Audit Logging |
| Supply chain security | NIS2 Art. 21(2)d | OpenSSL 3.6 (Open Source) |
Audit Support
Demonstrable Compliance:
- NIST FIPS 203/204 algorithms
- OpenSSL 3.6 (FIPS 140-3 validatable base)
- Hybrid signatures documented (X.509 extension)
- Complete API documentation → API Reference
Documentation for Audits:
- Algorithm selection justified (NIST standard)
- Key management documented
- Migration path traceable
Further Reading
- Risk - Why act now
- Strategy & Technology - Implementation planning
- Algorithms - Technical details
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional
[1] NIST FIPS 203: https://csrc.nist.gov/pubs/fips/203/final
[2] NIST FIPS 204: https://csrc.nist.gov/pubs/fips/204/final
[3] BSI: "Quantum-Safe Cryptography - BSI Recommendations for Action", September 2024, Section 3.1: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Post-Quanten-Kryptografie_Handlungsempfehlungen.pdf
[4] BSI TR-02102-1: "Cryptographic Mechanisms: Recommendations and Key Lengths", Version 2024-01, Chapter 7: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf
[5] BSI: "Quantum-Safe Cryptography - Fundamentals, Current Developments and Recommendations", 2021, Section 5.2: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Brochure/quantum-safe-cryptography.pdf
Last modified: 2026/01/29 at 11:31 PM