4Qubits Decision Ledger

4 Qubits

Post-quantum cryptographic posture management.
Sign in or register to get started.

Run PQC Discovery Scan

Multi-dimensional scan: code analysis, TLS endpoints, cloud infrastructure, key management, algorithm inventory, CBOM generation. Aligns with NIST SP 800-131A, CNSA 2.0, and FIPS 140-3.

Code Path

TLS Target

Stage 1

Discover

—

findings

Stage 2

Decide

—

in review

Stage 3

Record

—

approved

Stage 4

Act

—

action plans

Stage 5

Verify

—

passed

Stage 6

Attest

—

bundles

⚡

Loading…

⚠

Action Needed

Total Findings

—

Quantum Vulnerable

—

Quantum Safe

—

Compliance Mappings

—

Recommendations

—

Ledger Entries

—

Chain Integrity

—

Discovery Sources

Quantum Vulnerability Status

Algorithm Breakdown

Findings by Source

Details

Severity Distribution

Details

Effort vs Risk Reduction

Details

Recommendation States

Trace ID	Source	Algorithm	Key Size	Location	Quantum Status	Confidence	Remediation

Trace ID	Severity	SOC 2	PCI DSS	HIPAA	NIST Target	HNDL Risk

Trace IDs	Title	Target State	Effort	Risk ↓	Compliance ↑	State	Actions

Governance

CISO Action Center

Needs Triage

Awaiting Review

Pending Remediation

Remediation Active

Remediated

SLA Breached

Critical Unassigned

Chain Integrity

Total Decisions

Approved

Avg Days to Approve

Priority	Algorithm	Location	Status	Assignee	SLA	Due Date	Remediation	Actions

Decision Detail

Select a decision to view details.

Scanner Comparison (MOE Analysis)

Scanner Coverage Radar

Confidence by Scanner

Findings Overlap (Multi-Scanner Detection)

Algorithm	Location	Detected By	Scanner Count	Confidence

What-If Sensitivity Simulator

Simulate algorithm migrations to predict compliance impact before making changes.

HNDL Risk

Harvest-now, decrypt-later exposure modeling with data-lifetime and CRQC timeline inputs for prioritized remediation.

HNDL Risk Distribution

Top At-Risk Algorithms

Per-Finding HNDL Scores

Algorithm	Location	Source	Risk Score	Risk Level	HNDL Years	Compromised?	Action

Dimension Scores

Algorithm Diversity

PQC Readiness Breakdown

Improvement Actions

ML Readiness

Model-driven PQC readiness scoring with interpretable feature importance, roadmap guidance, and AI-assisted narrative analysis.

Model Type

Prediction Target

Data Classification

CRQC Timeline

AI Interpretation

Click Generate Analysis to get an AI-powered interpretation of the ML readiness prediction, referencing NIST PQC standards and CNSA 2.0 migration requirements.

Feature Importance by Category

All 27 ML features grouped into 6 interpretable categories. SHAP importance is summed per category from the full ensemble model. Click any category to see individual feature contributions.

Feature Values Radar

Ensemble Model Comparison

Improvement Roadmap

Decision Ledger

Immutable event history with verifiable chain integrity, checkpointing, exportable proof bundles, and operational repair controls.

⏳ Chain Status: —

Entries: —

Merkle Root: —

Last Checkpoint: —

Time	Actor	Event	Entity ID	Hash (first 16)	Prev (first 16)	Signature	Proof

Merkle Tree

Checkpoint and inclusion-proof verification view for RFC 6962-style attestation, offline proof checks, and exportable trust artifacts.

⏳ Tree Status: —

FINRA 4511 SEC 17a-4(f) SOX §802 Dodd-Frank §619 RFC 6962

Executive Summary

AI-generated narrative assessment powered by local LLM. Vectors to NIST PQC, CNSA 2.0, and regulatory sources.

Assessment At-a-Glance

Overall Risk

PQC Readiness

Compliance

HNDL Exposure

Cryptographic Posture

Click "Generate Summary" to create AI-powered executive narrative.

Quantum Threat Landscape

HNDL exposure analysis and CRQC timeline assessment.

Compliance & Regulatory

SOC 2, PCI DSS, HIPAA, NIST, CNSA 2.0 coverage analysis.

Migration Recommendation

Phased PQC migration plan with effort estimates.

Compliance Framework Coverage

Visual pass/fail status per compliance framework. Thresholds based on industry standards and regulatory requirements.

Control-Level Detail

Framework	Control	Status	Finding Count	Action

PQC Migration Roadmap

Phased migration visualization aligned to NIST SP 1800-38 and CNSA 2.0 timelines.

Phase Breakdown

Algorithm Migration Matrix

Current Algorithm	Count	Target PQC	CNSA 2.0 Deadline	Status

Checking reasoning engine...

Vector Search (RAG)

PQC Chat

Composite

Platform Security Posture

NIST SP 800-53 / 800-207 self-assessment with CISA ZTMM zero trust maturity and continuous crypto monitoring.

Platform

Crypto

Checks Passed

Critical Fails

Alerts

CISA Zero Trust Maturity Model

🔑

Identity

💻

Devices

🌐

Networks

📱

Applications

🗄️

Data

NIST CSF 2.0 Alignment

Load data to view CSF alignment

NIST SP 800-53 Compliance

Load data to view compliance status

Security Self-Assessment Checks

Status	Check	Category	NIST Controls	ZT Pillar	Detail

Cryptographic Monitoring Alerts

Severity	Category	Title	Algorithm	NIST Ref	Remediation	Count

Algorithm Health Status

Algorithm	Count	Vulnerable	Deprecated	CNSA 2.0	Crypto Period

Monitoring Coverage

Load data to view coverage

Cross-Cutting Capabilities

Load data to view capabilities

Intelligence Hub

Board-facing intelligence for CNSA deadlines, PQC maturity, and supply-chain cryptographic risk concentrated into one analysis surface.

CNSA 2.0 Migration Countdown

Algorithm Deadline Detail

Algorithm	Deadline	Days	Risk Tier	Migration Target	Findings

PQC Maturity Model (PQCMM)

PQCMM Improvement Roadmap

#	Dimension	Current	Action	Impact

Supply Chain Crypto Risk

Vuln Deps

Total Deps

Vuln Images

Inheritance

Library	Version	Risk	Vuln	Safe	Algorithms

Risk Inheritance

Library	Version	Vuln Algos	Locations	Score

Frameworks

Controls

Met

Gaps

Trust & Signing

Operational signing coverage, PQC signature visibility, blockchain anchoring, and latest-verification actions in one trust control surface.

Active Signing Algorithm

Signed: 0 · Unsigned: 0 · Anchors: 0 · TSA Verified: 0

Signing Coverage

PQC Signatures

Signature	Checkpoint	Algorithm	Signed At	Compliance

Blockchain Anchors

Anchor	Checkpoint	Hash	Created	Status	Network

Hardware Trust Attestation

Cross-validated hardware-root-of-trust posture: TPM, PKCS#11, HSM/KMS metadata, secure-element evidence, and SEALSQ migration recommendations. Disagreements between scanners surface as evidence, not silent overrides.

Assets Assessed

Hardware-Backed

Software-Only

Unknown

Conflicting Evidence

Regressed

SEALSQ Candidates

Enrolled Agent Devices

Each row is one installed agent. Status, last-seen timestamp, and key prefix let you match a row to a specific machine. Revoking a device immediately invalidates its api_key — the next sync attempt 401s. Re-enrolling the same machine requires generating a new install script.

⚡ Quick Start: Scan This Computer's TPM

Foreground mode — downloads connect-tpm.ps1; you double-click it; a PowerShell window stays open showing live scan logs. Best for spot-checks, demos, BreachLock prep.

Tray mode — installs the silent background agent. A small 4Q icon lives in your system tray with a posture status dot. Optionally starts at sign-in. Best for continuous monitoring.

Hardware Connections — How to Connect & Scan

① Local hardware (this host)

For TPM 2.0 chips on the machine running this container or a 4Qubits agent. The agent probes /dev/tpm* (Linux) or Windows TBS / Get-Tpm directly — no URL or token needed. Pick TPM (local) and a name; the scan will auto-detect presence, EK certificate, secure-boot state, and boot PCRs.

② On-prem HSM / smartcard / token

Pick PKCS#11. Provide the path to the vendor library on the scan host (Luna: libCryptoki2_64.so · nShield: libcknfast.so · YubiHSM: yubihsm_pkcs11.so · CloudHSM: libcloudhsm_pkcs11.so · SoftHSM2: libsofthsm2.so). The PIN is encrypted at rest with the connector vault.

③ Remote SEALSQ chip / device fleet

Pick the SEALSQ family that matches your hardware (QVault TPM, QS7001, or VaultIC) and paste the SEALSQ provisioning endpoint URL plus a bearer token issued by your SEALSQ admin portal. The scanner pulls the device inventory over HTTPS and maps each device into the MoE expert as Tier 1 hardware-attested evidence.

Workflow: ① fill in the form below → ② click Add Connection → ③ click Test in the table to verify reachability → ④ once green, click Run Scan below to enumerate every active hardware connection and feed evidence to the cross-validation expert. Findings appear in the assessment tables; conflicts and regressions emit signed ledger events automatically.

Connection Type

Connection Name

Type	Name	Status	Created	Actions

Hardware Resilience Score

Before / After SEALSQ migration

Today

→

Post-migration

Control Tier Distribution

SEALSQ Migration Candidates

Priority	Asset	Algorithm	Tier	Status	Recommended Product	Before	After	Reason

Cross-Validated Asset Posture

Asset	Algorithm	Provider	Tier	Status	Confidence	Supporting	Conflicting

Sector:

Migration Velocity

-- --

Auto-Migration Patches

0 patches for 0 findings

Container Crypto Scan

Scan a container image for cryptographic libraries and algorithms using Syft + Trivy.

Certificate Transparency Monitor

Monitor CT logs to discover certificates issued for your domains.

Dempster-Shafer Evidence Fusion

Select multiple scan runs to cross-validate findings using evidential reasoning. Reduces false positives by combining independent scanner evidence.

Scan Runs

ID	Target	Source Type	Status	Created

Total Scanners

Available

Critical OK

Mode

User Management

User ID

Display Name

Password (min 12)

Roles

Hold Ctrl/Cmd to select multiple

Scopes

Hold Ctrl/Cmd to select multiple

User ID	Name	Roles	Scopes	Status	Last Login	Actions

Security Actions

Change Password

Current Password

New Password (min 12 chars)

Confirm New Password

MFA Setup (TOTP)

Token Revocation

RAG Vector Index

Index all findings into ChromaDB for semantic search.

Tenant Management (Master Admin Only)

View, approve, or reject tenant registrations.

Integrations Center

Total

Connected

Scannable

Services

Action Layer Discover → Decide → Record → Act → Verify → Attest

Execution Contexts

Gateway credentials the Action Layer uses to open PRs (GitHub / GitLab) or to call cloud APIs in DIRECT mode (AWS / Azure / GCP / HSM). Static creds are encrypted at rest. STS / WIF / managed identity / Vault strategies issue short-lived creds at execution time.

Loading…

Welcome to 4 Qubits

Connect to Your Instance

Connect Your Integrations

Running Discovery

Discovery Complete

Action Needed

Pending Tenant Requests

Quantum Vulnerability Status

Algorithm Breakdown

Findings by Source

Details

Severity Distribution

Details

Effort vs Risk Reduction

Details

Recommendation States

Governance

CISO Action Center

Decision Detail

Scanner Comparison (MOE Analysis)

Scanner Coverage Radar

Confidence by Scanner

Findings Overlap (Multi-Scanner Detection)

What-If Sensitivity Simulator

HNDL Risk Distribution

Top At-Risk Algorithms

Per-Finding HNDL Scores

Dimension Scores

Algorithm Diversity

PQC Readiness Breakdown

Improvement Actions

AI Interpretation

Feature Importance by Category

Feature Values Radar

Ensemble Model Comparison

Improvement Roadmap

Executive Summary

Cryptographic Posture

Quantum Threat Landscape

Compliance & Regulatory

Migration Recommendation

Compliance Framework Coverage

Control-Level Detail

PQC Migration Roadmap

Phase Breakdown

Algorithm Migration Matrix

Vector Search (RAG)

PQC Chat

Platform Security Posture

CISA Zero Trust Maturity Model

NIST CSF 2.0 Alignment

NIST SP 800-53 Compliance

Security Self-Assessment Checks

Cryptographic Monitoring Alerts

Algorithm Health Status

Monitoring Coverage

Cross-Cutting Capabilities

CNSA 2.0 Migration Countdown

PQC Maturity Model (PQCMM)

PQCMM Improvement Roadmap

Supply Chain Crypto Risk

PQC Signatures

Blockchain Anchors

Enrolled Agent Devices

⚡ Quick Start: Scan This Computer's TPM

Hardware Connections — How to Connect & Scan

Hardware Resilience Score

Control Tier Distribution

SEALSQ Migration Candidates

Cross-Validated Asset Posture

Migration Velocity

Auto-Migration Patches

Container Crypto Scan

Certificate Transparency Monitor

Dempster-Shafer Evidence Fusion

Scan Runs

User Management

Security Actions

Change Password

MFA Setup (TOTP)