Hall 5 · Exhibit 4
Enterprise Migration: Meta's Framework
A practical playbook for any organization
Maturity model: Unaware → Aware → Ready → Hardened → Enabled
Six steps: Prioritize → Inventory → Dependencies → Design → Guardrails → Integrate
First move: Cryptographic inventory
Default design: ML-KEM-768 + ML-DSA, hybrid
PQC Maturity Levels
- PQ-Unaware: Not aware of quantum threat — most vulnerable
- PQ-Aware: Assessment completed, no protections designed
- PQ-Ready: Solution implemented, not yet in production
- PQ-Hardened: All available protections deployed, some gaps
- PQ-Enabled: Full quantum protection — the ultimate goal
The Six-Step Strategy
- Step 1 — Prioritize: Classify by risk (High: SNDL-vulnerable; Medium: online attack targets; Low: symmetric-only)
- Step 2 — Inventory: Map all cryptographic usage with automated discovery + developer reporting
- Step 3 — Dependencies: Identify blockers (NIST/IETF standards, HSM support, LibOQS readiness)
- Step 4 — Design: Select for key exchange, for signatures. Prefer ML-KEM-768.
- Step 5 — Guardrails: Block new quantum-vulnerable keys in build systems
- Step 6 — Integrate: Deploy hybrid approach. Meta prioritizes classical safety net.
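An added example (not Meta's code or tooling) of Steps 1, 2 and 5 working together: a key manifest is annotated with risk tiers, and a build check rejects quantum-vulnerable keys that are new since the baseline. The manifest format, entry names, algorithm name tables and the mapping of key use to risk tier are assumptions made for illustration.

```python
import re
import sys

# Assumed name tables for illustration; extend to match your own inventory.
QUANTUM_VULNERABLE = re.compile(r"^(RSA|DH|ECDH|ECDSA|DSA|X25519|X448|Ed25519|Ed448)\b", re.I)
POST_QUANTUM = re.compile(r"^(ML-KEM|ML-DSA|SLH-DSA)\b", re.I)
SYMMETRIC = re.compile(r"^(AES|ChaCha20|HMAC|SHA)", re.I)

def classify(algorithm, use):
    """Risk tier for one entry; hybrids are written 'classical+pq'."""
    parts = [p.strip() for p in algorithm.split("+")]
    if any(POST_QUANTUM.match(p) for p in parts):
        return "protected"   # pure PQ, or hybrid with a PQ component
    if all(SYMMETRIC.match(p) for p in parts):
        return "low"         # symmetric-only
    if any(QUANTUM_VULNERABLE.match(p) for p in parts):
        # Assumption: confidentiality uses are SNDL-exposed (traffic can be
        # stored now, decrypted later); signatures need an online attacker.
        return "high" if use in ("key-exchange", "encryption") else "medium"
    return "unknown"         # not in the tables: needs manual review

def build_inventory(entries):
    """Step 2: annotate every declared key with its Step 1 risk tier."""
    return [dict(e, risk=classify(e["algorithm"], e["use"])) for e in entries]

def guardrail(baseline, current):
    """Step 5: return keys that are new since baseline and quantum-vulnerable."""
    known = {e["name"] for e in baseline}
    return [e for e in build_inventory(current)
            if e["name"] not in known and e["risk"] in ("high", "medium")]

# Constructed sample manifests (hypothetical names, not from the page).
BASELINE = [
    {"name": "legacy-tls", "algorithm": "ECDH-P256", "use": "key-exchange"},
    {"name": "disk-enc", "algorithm": "AES-256-GCM", "use": "encryption"},
]
CURRENT = BASELINE + [
    {"name": "edge-tls", "algorithm": "X25519+ML-KEM-768", "use": "key-exchange"},
    {"name": "backup-wrap", "algorithm": "RSA-2048", "use": "encryption"},
    {"name": "release-sign", "algorithm": "ECDSA-P256", "use": "signature"},
    {"name": "fw-sign", "algorithm": "ML-DSA-65", "use": "signature"},
]

if __name__ == "__main__":
    blocked = guardrail(BASELINE, CURRENT)
    for e in blocked:
        print(f"BLOCK {e['name']}: {e['algorithm']} ({e['use']}) risk={e['risk']}")
    sys.exit(1 if blocked else 0)  # non-zero exit fails the build step
```

Existing keys in the baseline are inventoried but not blocked, so the check stops new quantum-vulnerable usage without breaking builds that depend on legacy keys still awaiting migration.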
Key Takeaways
- Meta's 5-level maturity model: PQ-Unaware → PQ-Aware → PQ-Ready → PQ-Hardened → PQ-Enabled
- Six-step strategy: Prioritize → Inventory → Dependencies → Design → Guardrails → Integrate
- Four principles: effectiveness, timeliness, performance, cost efficiency