Appendices

11 appendices designed to be extracted and used

The appendices are not afterthoughts. Four are directly actionable tools; the rest are reference material that supports the action plan.

The Quantum Almanac 2026-2027 contains 11 appendices (A-K). Four are directly actionable: Appendix B (Board Briefing Kit with 90-day checklist and 12-month cadence), Appendix C (Procurement Workbook with 16-question vendor questionnaire and model contract clauses), Appendix G (Five Practical Case Studies with response playbooks), and Appendix H (Readiness Maturity Model with 5-level scoring). Reference appendices cover 66 signal events, glossary, primary sources, FAQ, sector roadmaps, algorithm tradeoffs, and quick reference citations.

Actionable tools

Four appendices you can extract and use immediately.

Appendix B: Board Briefing Kit, 90-Day Checklist & Operating Cadence

Everything a CISO needs to brief a board and launch a program in 90 days. One-page opening statement, 12 questions every board should ask, a 90-day phased checklist, and a 12-month steering cadence.

  • One-page board opening statement
  • Suggested board resolution (ready to adopt)
  • 12 questions every board should ask
  • 90-day checklist (Days 1–30, 31–60, 61–90)
  • 12-month steering cadence
  • Metrics framework (visibility, trust, migration, governance)
  • 7 workstream owner assignments

Appendix C: Procurement Workbook, Vendor Questions & Model Contract Language

Turn vendor conversations from vague roadmap promises into structured evaluation. 5 supplier classes, 16-question vendor questionnaire across 5 sections, scoring rubric (0–5), and 8 model contract clauses.

  • 5 supplier classes (trust-path, data-horizon, admin-plane, embedded, high-concentration)
  • 16-question vendor questionnaire
  • 0–5 scoring rubric with level descriptions
  • 8 model contract clauses
  • 6 red flags in vendor language
  • RFP template language

Appendix G: Five Practical Case Studies and Response Playbooks

Five composite case studies—Global Bank, Hospital System, Cloud Software Company, Manufacturer, Digital Asset Custodian—each with a lesson that challenges a common assumption about PQC readiness.

  • 5 detailed case studies
  • Cross-case lesson synthesis
  • Response playbook pattern for each scenario

Appendix H: Readiness Maturity Model

A 5-level maturity model (Aware → Scoping → Planning → Executing → Agile) with scoring worksheet, 8 internal artifacts, and board expectations by level.

  • 5-level maturity model with descriptions
  • Scoring worksheet for 3 independent groups
  • 8 internal artifacts to produce
  • Board expectations by maturity level

Reference material

Seven appendices of evidence, definitions, and source documentation.

Appendix A: Signal Events: January 2025 – February 2026

66 signal events organized chronologically—the 14-month period in which quantum risk moved from conference rhetoric into central bank analysis, G7 coordination, national migration timelines, federal procurement language, and production-grade platform behavior.

  • 66 dated events with source attribution
  • Category classification (government, standards, platform, financial)
  • Why-it-matters annotation for each event

Appendix D: Glossary of Quantum Risk and Post-Quantum Security Terms

Approximately 70 terms defined in plain language with operational context, from Agile Cryptography through Zero Trust.

  • 70+ term definitions
  • Cross-references to relevant chapters

Appendix E: Primary Source Notes and Further Reading

43 annotated primary sources organized by tier—central bank and G7 coordination, national cyber authorities, platform and infrastructure signals, and standards and regulated disclosure.

  • 43 annotated sources with “why useful” commentary
  • 4-tier organization by durability and operational consequence

Appendix F: Frequently Asked Questions

25 questions and answers organized by audience: boards, CISOs, architects, and buyers. Designed to be extracted and used in internal communications.

  • 25 Q&A pairs
  • Organized by audience role
  • Extractable for internal use

Appendix I: Sector Implementation Roadmaps, Metrics & Leadership Questions

Six sector-specific roadmaps (Financial Services, Healthcare, Cloud/SaaS, Industrial/OT, Government/Defense, Digital Assets) each with key metric, key risk, key question, and common failure modes.

  • 6 sector roadmaps
  • Key metric per sector
  • Key risk per sector
  • Key leadership question per sector
  • Cross-sector metrics and bad dashboard detection

Appendix J: Architect’s Appendix: Algorithm Tradeoffs & Platform Snapshot

FIPS 203/204/205 practical roles and sizes, a symmetric hardening table, handshake size growth (32 bytes → 1,216 bytes), and an evidence-based platform snapshot across 8 platforms.

  • FIPS 203/204/205 comparison table
  • Symmetric hardening guidance (AES-128→256, SHA-256→384)
  • Handshake size comparison (classical vs hybrid TLS)
  • 8-platform deployment snapshot (OpenSSH, Go, Microsoft, Apple, AWS, Google, Red Hat, Cloudflare)

Appendix K: Primary Source Quick Reference

Compressed citation list organized by category—the fastest path back to the underlying documents when you need to circulate the evidence base inside a team or committee.

  • Government & Policy sources
  • Standards & Migration sources
  • Platform & Infrastructure sources
  • Financial Disclosure & Public Trust sources

Get the full book

All 11 appendices are included in both hardcover and Kindle editions.