top of page
๐๐ฌ๐ฌ๐ฎ๐๐: 24 ๐๐ฎ๐ง๐ 2026 - ๐๐๐342โ08 ๐ฏ16.0.1
SITGโConsulting Review & Dissection ๐ ๐๐๐๐ ๐๐๐๐ ๐
๐๐ ๐๐๐ ๐๐๐๐๐๐๐๐ ๐๐๐๐๐๐๐ ๐๐๐๐๐๐๐๐ The European Payments Council has released EPC342โ08 v16.0.1, its 2026 update on cryptographic algorithm usage and keyโmanagement practices. This deck provides SITGโConsultingโs independent review and dissection of the document - what it gets right, where it stops, and the enterpriseโlevel gaps it leaves unaddressed. Necessary, but not sufficient. This is ou
Brian Couzens
3 days ago1 min read
ย
ย
ย


NIST: CSF2.0
NIST CSF 2.0 may be one of the most important Quantum Readiness frameworks available today. Not because it contains a section on quantum computing. It doesn't. Not because it tells organisations which algorithms to deploy. It doesn't do that either. What CSF 2.0 does provide is something far more important. Governance. The 2024 update elevated governance to a core function, recognising that cybersecurity is no longer solely a technology challenge. It is a board, executive and
Brian Couzens
Jun 252 min read
ย
ย
ย


Moodys aligns with SITG-Position on PQC Risk
#Moody's may have delivered one of the most important post-quantum signals of 2026. Not because of a breakthrough in quantum computing. Not because of a new cryptographic standard. Because a global credit rating agency has started discussing Post-Quantum Cryptography (PQC) as a budgetary, governance and enterprise risk issue. For many years, this has been the position of SITG-Consulting. Our Quantum Risk White Paper, first published in 2024, revised in December 2025 and again
Brian Couzens
Jun 192 min read
ย
ย
ย


THE DEFINITIVE CBOM OPERATING MODEL
From "Dark Matter" Liability to Defensible Fiduciary Asset 1. Executive Summary: The Fiduciary Imperative In a $100T digital economy, cryptography is the invisible keel holding the ship of state and commerce upright. It secures identity, privacy, and value transfer. Yet 95% of enterprises operate with near-zero visibility into where this cryptography lives, how it behaves, or whether it remains fit for purpose (NIST). This hidden exposure has evolved into Cryptographic Dark M
Brian Couzens
Jun 198 min read
ย
ย
ย


ISO/IEC 18033-2:2006/Amd 2:2026 has published.
Three post-quantum KEMs now sit inside one of the principal international standards for asymmetric encryption: ML-KEM, Classic McEliece and FrodoKEM. Read that again. Not one algorithm. Three. From three different mathematical families. Why this matters before the detail. A standards body had a choice. It could have ratified the market's preferred answer, ML-KEM, and closed the question. It did not. It standardised a structured lattice scheme, an unstructured lattice scheme a
Brian Couzens
Jun 162 min read
ย
ย
ย
bottom of page