Step 1: Build Your Cryptographic Asset list (Cryptographic Bill of Materials)
The Zero Cost Method
- Start by retrieving your existing IT asset list, or build a new inventory of IT servers (including virtual machines) and IT equipment.
- Assign headcounts based on the amount of time available to work on the Cryptographic Asset List. Distribute portions of the IT Asset list among the assigned personnel, and have them identify any applications that use common cryptography-related protocols (e.g., HTTPS, SSH, IPSec VPN) or contain files with common Cryptographic extensions (e.g., .pfx, .p12, .cer, .key, .pem, .jks)
- Once you are satisfied that you have covered majority of the IT Asset list, move on to Step 2.
Read More
