Licensing and Access Control for PQC in AppViewX

Licensing

PQC readiness in AppViewX is implemented and evaluated via the Quantum Trust Hub, the command center for tracking and managing your PQC readiness efforts.

The Quantum Trust Hub is built to work as an extension to AppViewX’s flagship certificate lifecycle management product, CERT+ (and not as a standalone product/module); to be able to explore the full capability of the Quantum Trust Hub, your CERT+ license must be upgraded as required.

For non-licensed users, the Quantum Trust Hub offers a focused read-only view of the existing certificate inventory’s PQC readiness. For instructions to access this read-only view, click here.

For licensed users, the Quantum Trust Hub includes dashboards, inventories, and the ability to create custom quantum-safety policies, essentially everything you need to get a holistic view of your organization’s PQC readiness and the required remediations. For instructions to view the Quantum Trust Hub, click here.

Enabling ACF Permissions for Quantum Trust Hub

Quantum Trust Hub uses role-based access control to ensure that only authorized users can access and perform operations such as running reports, managing inventory, setting policies, viewing alerts, and uploading to the library. ACF enablement details are provided in the corresponding sections.

To enable the ACF permission for the user roles to access the Quantum Trust Hub, follow these steps:

  1. Go to Platform module IDENTITY > Role.
    You will be redirected to the Role page.
  2. Click on the role name to enable the ACF permission.

    You will be redirected to the Modify :: [RoleName] page, with the Information tab open by default.

  3. Switch to the Authorized Functions tab and expand the Quantum Trust Hub by clicking (Expand) icon. You can provide:
    1. Full access to Quantum Trust Hub feature by selecting corresponding checkbox which enables complete access to all features.
    2. Limited access to specific features by selecting the checkbox corresponding to features, such as Dashboard, Inventory, or Policy. This approach allows you to provide limited access without enabling the full Quantum Trust Hub.
  4. Click Save.

Full List of ACF Permissions for RBAC

The Post-Quantum Cryptography platform implements Role Based Access Control (RBAC) to manage user permissions and access levels. Administrators can enable or disable specific features and operations based on user roles, ensuring appropriate access control and security governance across the organization.

Admin Control: All operations listed below are RBAC based and can be enabled or disabled by the administrator according to organizational requirements and user role definitions.

ACF Permission Description
Quantum Trust Hub
Publish Reports Enable this option to allow report publishing on the platform. When enabled, users can generate and share reports across the organization.
Dashboard Access
Dashboard Access all organization reports, code, configuration, certificate scan results, and scan history from a single dashboard. This provides a centralized view of the organization's quantum readiness posture.
List of Scans
List of Scan Allows the user to access the inventory of scans conducted so far with their corresponding information.
View Allows the user to view and access all scans that have been performed, including scan details, timestamps, and status.
Export Enables the user to export the list of scans as CSV or Excel format for offline analysis and reporting.
Organization Report
Organization Report Enables viewing of organization-level reports and their related details, providing a comprehensive overview of the organization's cryptographic posture.
View Permits the user to view organization reports within the dashboard, including PQC scores and aggregate metrics.
Refresh Lets the user reload the organization report to show up-to-date information reflecting the latest scan results.
Code Scan Report
Code Scan Report Enables viewing of code scan reports with details on PQC readiness by class, method, and library.
View Permits the user to view code scan reports within the dashboard, including detailed analysis of cryptographic implementations in source code.
Refresh Lets the user reload the code scan report to show up-to-date information based on recent scans.
Configuration Scan Report
Configuration Scan Report Allows the user to review configuration scan results along with quantum-readiness status of system and application configurations.
View Permits the user to view configuration scan reports within the dashboard, including protocol and algorithm settings.
Refresh Lets the user reload the configuration report to show up-to-date information reflecting recent configuration changes.
Certificate Scan Report
Certificate Scan Report Allows the user to review detailed certificate scan results and their Post-Quantum status, including validity and cryptographic algorithm analysis.
View Permits the user to view certificate scan reports within the dashboard, showing certificate details and quantum vulnerability assessment.
Refresh Lets the user reload the certificate report to show up-to-date information based on the latest certificate scans.
Inventory Management
Note: The inventory provides access to code and configuration data. To view certificate-related data, enable the required permissions from the Certificate Inventory settings outside this menu under CERT+.
Code Inventory
Code Displays code inventory with details of repository, class, methods, library details, and their associated post-quantum readiness evaluation.
View Enables viewing of code inventory along with quantum-readiness status across classes and methods, providing granular visibility into cryptographic implementations.
Export Allows the user to export code inventory data in CSV or Excel format for reporting, analysis, and remediation planning.
Custom Library - Upload Allows the user to upload custom libraries so that non-standard libraries can be detected and evaluated along with other standard libraries. This ensures comprehensive coverage of proprietary and third-party cryptographic implementations.
Configuration Inventory
Configuration Central repository for reviewing configuration scans of servers for post-quantum readiness evaluation, including protocol settings and cryptographic parameters.
View Allows users to view configuration data with insights on post-quantum readiness, including detailed analysis of vulnerable settings.
Export Allows the user to export configuration inventory data in CSV or Excel format for documentation and compliance reporting.
Policy Management
Policy Provides access to custom policies where organizations can define rules and override the default quantum status of algorithms or protocols based on application criticality, compliance requirements, or organizational standards.
View Enables viewing of all configured policies and their related information, including policy rules, scope, and application.
Create Allows the user to define and add new policies with required configurations, enabling customization of quantum readiness criteria.
Modify Allows the user to modify existing policy configurations to adapt to changing security requirements or organizational priorities.
Delete Allows the user to delete existing policies and their related information when they are no longer needed or applicable.