Practical Evaluation of the Crypto-Agility Maturity Model

Computer Science > Cryptography and Security [Submitted on 14 Apr 2026] Practical Evaluation of the Crypto-Agility Maturity Model Leonie Wolf, Samson Umezulike, Gurur Öndarö, Sebastian Schinzel, Fabian Ising Cryptographic agility is a key prerequisite for maintaining the long-term security of digital communication, particularly in light of the transition to post-quantum cryptography. To systematically assess this capability, Hohm et al. proposed the Crypto Agility Maturity Model (CAMM). In this work, we present the first evaluation of the CAMM against established design principles for maturity models. Our analysis reveals that the CAMM only partially satisfies these principles: its scope and target groups remain ambiguous; acceptance criteria are insufficiently operationalized, limiting verifiability and replicability; and dependency relations exhibit redundancies, cycles, and omissions. Applying the CAMM to a simple real-world scenario further confirmed these issues, as several requirements at higher maturity levels proved inapplicable or unclear. Based on these findings, we propose concrete improvements to the CAMM to enable more consistent and reliable assessments of cryptographic agility. Comments: 18th International Symposium on Foundations & Practice of Security (FPS - 2025) Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2604.12428 [cs.CR]   (or arXiv:2604.12428v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2604.12428 Focus to learn more Submission history From: Fabian Ising [view email] [v1] Tue, 14 Apr 2026 08:18:45 UTC (149 KB) Access Paper: view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-04 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)