Update May 2025:

The topic of crypto agility is gaining additional relevance thanks to a new white paper from the US National Institute of Standards and Technology (NIST). The official recommendations emphasize the importance of a structured crypto inventory and agile crypto architectures for companies. More on this topic can be found at the end of this article.

Content

Crypto Inventory and Crypto Agility – a Strong Basis for Corporate Security Secure and agile cryptography for your organization What is a crypto inventory? Advantages and added value of a crypto inventory Data timeliness What is crypto-agility? Key aspects of crypto-agility The biggest drivers for companies in the area of crypto-agility Best practices for your crypto management Turn challenges into opportunities: Effective crypto management with essendi xc tool support Optimize your crypto strategy Update Mai 2025: NIST veröffentlicht neues Whitepaper zu Krypto Agilität

Crypto Inventory and Crypto Agility – a Strong Basis for Corporate Security

Secure and agile cryptography for your organization

Cryptography is crucial for protecting sensitive data, securing digital transactions and meeting compliance requirements. The efficient administration of encryption technologies and crypto artifacts such as digital certificates and key material is at the heart of any IT security strategy.

What is a crypto inventory?

The crypto inventory is the central point of contact for all topics, to-do’s and processes related to cryptography. It includes and lists all cryptographic assets of a company, such as

  • digital certificates
  • cryptographic keys
  • algorithms and hash algorithms used
  • affected applications

A good and complete crypto inventory enables IT security managers and administrators to remain operational.

Advantages and added value of a crypto inventory

A complete and up-to-date inventory

  • offers transparency, structure and orientation
  • avoids security gaps
  • ensures compliance with compliance regulations and data protection rules
  • facilitates the administration and updating of cryptographic systems
  • enables rapid action in the event of cyber threats
  • ensures continuity of business operations

The crypto inventory lists crypto assets (digital certificates and key material) and reflects the cryptographic state of the IT systems (certificate status such as validity, expiration date, CA, key strength, key age, etc.).

Regulatory requirements are also becoming increasingly important. The EU regulation DORA (Digital Operational Resilience Act), for example, sets new standards for managing IT risks and improving digital resilience. This includes the need for a comprehensive crypto inventory and agile certificate lifecycle management. Read more about DORA and certificate management in our magazine.

Data timeliness

Regular scans and validations should be carried out to ensure that the latest status is available when needed. Tools such as essendi cd and essendi xc provide support for the regular and automated search for and management of unknown keys and certificates.

What is crypto-agility?

Crypto-agility refers to the ability to promptly adapt cryptographic systems to new security standards, threats or regulatory requirements and to change crypto assets, encryption methods and procedures.

This can be important if, for example, an algorithm has become insecure because computers have become more powerful. Concrete examples are the discontinuation of RSA-2048 by the BSI (German Federal Office for Information Security) as of January 2024 or the development of a quantum computer.

Key aspects of crypto-agility

Flexibility: Fast implementation of new algorithms.
Adaptability: Timely update of existing systems.
Resilience: Effective response to security incidents and loss of trust.
Business Continuity: Fast recovery in the event of necessary certificate changes.

The more diverse and complex the existing IT infrastructure, the greater the challenges for the successful implementation of a high degree of crypto-agility.

The biggest drivers for companies in the area of crypto-agility

1. Shorter validity periods for certificates

Certificates must be renewed at shorter intervals, for example every 90 days for TLS certificates.

Effects

  • Increased administrative workload
  • Need for tighter processes

Risks

  • Unnoticed expiration of certificates
  • Possible failures and security vulnerabilities

 

2. Rapid change of certification authorities (CAs)

Necessary, for example, due to changes in business processes or loss of trust in the CA

Effects

  • High time pressure
  • Issuance of new certificates

Risks

  • Business downtimes
  • Significant costs

 

3. Upgrade of algorithms, e.g. from RSA to ECC or from RSA / ECC to PQC

Increasingly powerful hardware (computers/servers) requires increasingly powerful encryption methods

Effects

  • Increased risk, as existing processes are no longer secure

Risks

  • Increased time and resource requirements
  • Limited experience

 

Best practices for your crypto management

Professionalize your crypto processes and save time through monitoring and automation.

The essendi xc product family is your proven tool set for handling cryptography.
 

Measures and tools

essendi xc – Certificate Management

  • Central overview and process hub / lifecycle management
  • Automated certificate management: issuance, renewal, administration
  • Monitoring and alerts: timely notification of expiring certificates
  • Flexibility: seamless switching between different CAs
  • Regular inventory checks
  • Metadata for customized structuring and advanced analysis

essendi cd – Certificate Discovery

  • Regular scan of the entire data center
  • Detection of unknown / foreign certificates
  • Automated and schedulable scans
  • Powerful search algorithms
  • Comprehensive filter functions
  • Transfer of the found certificates to the xc certificate management
  • Ensure that all components are identified
  • Identify unknown certificates

Establish emergency plan

  • Clearly define and assess risks, e.g. discrediting the CA or key algorithms used.
  • Define clear protocols and responsibilities
  • Prepare for rapid changeovers. Define the transformation process
  • Minimize downtime
  • Maintain business continuity

Benefits

  • Ensure that all components are up-to-date and secure.
  • Identify all algorithms in use and assess the risk level, especially of older algorithms.
  • Structure your crypto data.
  • Batch processing.
  • Simple processes for users.
  • Automatic repository maintenance.
  • Ability to meet compliance requirements.

 

Turn challenges into opportunities: Effective crypto management with essendi xc tool support

Cost reduction: Reduced manual effort and better resource utilization.
Risk minimization: Quick adjustments prevent security incidents, financial losses and protect the company’s reputation.
Compliance: Meeting regulatory requirements and building trust with customers and partners.
Strengthening competitiveness: Rapid implementation of innovative solutions and flexibility in the face of market changes.
Ensuring business continuity: Maintaining the ability to act. Rapid recovery after changes or transformations in ongoing operations is possible and manageable.
 

Optimize your crypto strategy

essendi xc and essendi cd: Your strong team for crypto inventory and crypto agility

essendi xc

  • Save time and avoid errors with automated certificate management
  • Proactive notifications and transparency thanks to comprehensive monitoring
  • Crypto agility and scalability through flexible customization options at all times
  • Regulatory compliance and current security standards are guaranteed
  • Crypto inventory always up to date
  • Diverse filtering and clustering options ensure easy identification and monitoring
  • Data structuring and standards ensure transparency and the ability to act

essendi cd

  • Complete overview of digital certificates and keys
  • Powerful search algorithms scan all file systems and find hidden certificates
  • Time savings and lower process costs through automated searches

Contact us for a LiveDemo of essendi xc or an analysis of how crypto agility can be implemented in your company.

May 2025 update: NIST publishes new paper on crypto agility

In April 2025, the National Institute of Standards and Technology (NIST) published a new paper entitled “Crypto Agility: Considerations for Migrating to Post-Quantum Cryptographic Algorithms”.

The paper highlights the importance of crypto agility, particularly considering the upcoming transition to post-quantum cryptography (PQC).

Key takeaways from the article:

  • Crypto agility is essential. Systems should be designed in such a way that cryptographic algorithms can be replaced without a significant amount of effort.
  • Inventory is critical. Organizations need to know where they are encrypting, how they are encrypting and what algorithms they are using.
  • NIST recommends establishing clear processes and roles to prepare for future threats and technology changes.

Previous recommendations for establishing a crypto inventory and creating agility in cryptographic structures are clearly supported by this official document.
The full NIST document is available here: NIST Crypto Agility Paper

Subscribe to the free essendi it newsletter.

SIGN UP NOW AND STAY INFORMED.