◉ Doc Rev 2.0.0 Classification · Public
Section 01 / 08
Execution provenance · system of record

Cryptographic
execution provenance
for regulated quantum
workloads.

Produce a signed, verifiable record of every quantum circuit your teams execute — with the audit content, retention, and non-repudiation your regulators already require for classical computation. Vendor-neutral across IBM Quantum, IonQ, and air-gapped hardware. Built on published NIST and NSA standards.

Download procurement packet Brief my security team
NIST SP 800-53 AU controls 21 CFR Part 11 ready CNSA 2.0 signatures Air-gap native SBOM & reproducible builds
AUDIT LEDGER · compliance view
Retention7 years
SignaturesML-DSA-87
ExportPDF · CSV
12
SP 800-53 AU controls
mapped & documented
CNSA2.0
Signature & KEM
default configuration
7yr
Sovereign retention
configurable tier
0
Cloud dependencies
in sovereign mode
3
Execution environments
one ledger of record
Part11
Electronic records
attestation ready
§ 02 · The control gap What your auditor will ask that your platform cannot answer
Observation

Quantum computation is now in scope for the controls
your auditor already enforces.

Regulated enterprises are beginning to run material workloads on cloud-hosted quantum processors. The controls around those workloads — audit trail, non-repudiation, electronic records integrity — look more like best-effort observability than the evidence compliance teams already require for safety-critical classical systems. The requirements exist. The capabilities do not.

The absence of enforcement action to date is not an exemption. The underlying requirements apply to any electronic record that informs a regulated decision.

01

NIST SP 800-53 — Audit & Accountability

Your ATO boundary requires comprehensive, tamper-protected, time-correlated audit records with non-repudiation (AU-2, AU-3, AU-8, AU-9, AU-10, AU-11, AU-12). Cloud quantum providers emit account-level API logs — not experiment-level records you can attribute to a named individual and prove have not been modified.

SP 800-53
02

21 CFR Part 11 — Electronic Records

FDA-regulated organizations must maintain secure, computer-generated, time-stamped audit trails that record creation, modification, and deletion of electronic records without obscuring previous versions (§11.10(e)). Today, quantum-derived results arrive as JSON payloads in customer buckets — no Part 11 trail over the full experiment lifecycle.

Part 11
03

CNSA 2.0 — Post-Quantum Cryptography

New NSS acquisitions must be CNSA 2.0–compliant by January 1, 2027. That means ML-DSA-87 signatures, ML-KEM-1024 key establishment, SP 800-208 firmware signing. Most quantum tooling does not yet implement these at NSS parameter levels. Your classical systems are migrating. Your quantum systems are not.

CNSA 2.0
04

Your Inspector General's next question

“Prove this quantum workload ran as approved, on validated hardware, in a known calibration state — and that the results you cite are the results it produced.” Most organizations cannot answer this with evidence today. They reconstruct. They assemble. They hope their spreadsheet holds up.

Audit
§ 03 · Compliance lifecycle One system of record · every workload · every environment

From researcher submission to auditor verification.

Nuqasm captures a cryptographically bound execution record at every stage of the quantum computation lifecycle — from the moment a researcher submits a workload to the moment an auditor verifies what ran. The record is signed, time-stamped, immutable, and complete. Your compliance team opens a dashboard. Your researcher keeps their existing workflow.

Stage 01submit

Researcher submits

Workload authored in Qiskit, PennyLane, or OpenQASM. Nuqasm captures the source, the submitter's signed approval, and the policy block declaring which environments are allowed.

Maps to AU-2 · AU-3 Part 11 §11.10(a) · §11.200
Stage 02seal

Workload is sealed

Packaged into a signed .qcap archive using ML-DSA-87 (CNSA 2.0 default) or ML-DSA-65 for non-NSS configurations. Tamper-evident, verifiable offline without network.

Maps to AU-9 · AU-10 Part 11 §11.10(e) · CNSA 2.0
Stage 03route

Policy routes

The sealed capsule runs where policy allows — simulator, UQBench appliance, or cloud QPU. Never modified. Always verified before execution. One source of truth.

Maps to AC-3 · AU-12 CM-5
Stage 04execute

Provenance captured

Runtime records the full chain: transpiled circuit, compiler version, hardware backend, calibration snapshot at execution, shot-by-shot results. Every attribute bound to the capsule signature.

Maps to AU-3 · AU-8 Part 11 §11.10(e)
Stage 05attest

Auditor verifies

Every execution writes an append-only record. Your compliance team queries, filters, exports audit-ready reports. Your auditor receives verifiable evidence — not a spreadsheet.

Maps to AU-6 · AU-11 · AU-12 Part 11 §11.10(c)
§ 04 · Control environments Three deployment modes · one trust boundary · your policy chooses

Policy determines destination. Not a different source of truth.

Nuqasm separates the execution environment from the source of truth. Policy declares where a workload may run. The runtime enforces it. The audit record is identical regardless of environment. Your compliance team reviews one ledger, not three.

environment · evaluateno cost

Simulator

For compliance and security teams assessing the control gap. No external data flow. Inherits host ATO.

Data residencyLocal only
NetworkOffline capable
RetentionLocal ledger · 1 yr
CertificationsHost-inherited
Use caseValidate workflow
Qubits20 (simulated)
environment · sovereignuqbench

Air-Gapped Appliance

Desk-side hardware with integrated QPU. Facility-local, no cloud dependency, SCIF-compatible.

Data residencyFacility-local
NetworkAir-gap enforced
RetentionAppend-only · 7 yr+
CertificationsDISA STIG (in progress)
Use caseClassified / NSS
Qubits15 physical
environment · managedcloud routing

Cloud Routing

Sealed workloads routed to approved QPU providers with Nuqasm-side capture of full execution record.

Data residencyProvider regions
Key exchangeML-KEM-1024
RetentionFederated · 3 yr
CertificationsFedRAMP Moderate (in progress)
Use caseProduction workloads
BackendsIBM Quantum · IonQ
RESEARCHER · SUBMIT Workload Qiskit · PennyLane · QASM SEAL · ML-DSA-87 Identity bound FIPS 204 · CNSA 2.0 EXECUTE · CAPTURE Full chain transpile · hw · calibrate · result LEDGER · APPEND Immutable AU-9 · §11.10(e) COMPLIANCE Dashboard quarterly report AUDITOR Verify offline signed evidence INSPECTOR Full provenance 7 year retention submit run record T₀ SUBMIT T₁ SEAL T₂ EXECUTE T₃ ATTEST T₄ VERIFY · RETAIN
§ 05 · Regulatory control mapping Every capability traces to a specific control

Procurement buys control satisfaction,
not features.

The table maps Nuqasm capabilities to the specific regulatory controls your compliance team is already responsible for. The full mapping — with evidence artifacts, control narratives, and auditor handoff documentation — is in the procurement packet.

FIPS 203 · 204 NIST SP 800-53 21 CFR Part 11 CNSA 2.0
SPEC · UQOS/CTRL · REV 2.0 Published mapping
AU-3Content of audit records
Every record includes submitter identity, timestamp, environment, hardware backend, calibration snapshot, execution outcome.
SP 800-53
AU-9Audit protection
Append-only ledger with cryptographic chain. Tamper-evident archives. No overwrite operations permitted.
SP 800-53
AU-10Non-repudiation
ML-DSA-87 signatures bind submitter identity to workload and execution record. Offline-verifiable.
FIPS 204
AU-11Retention
Configurable retention (1 yr / 3 yr / 7 yr+) with immutable storage. Policy-scoped per workload.
SP 800-53
§11.10(e)Audit trail
Secure, computer-generated, time-stamped audit trail that preserves full version history without obscuring previous records.
Part 11
§11.200Electronic signatures
ML-DSA signatures cryptographically bound to named individual. Unique, verifiable, indelibly linked to the record.
Part 11
Key exchangeCloud routing
ML-KEM-1024 quantum-resistant key encapsulation. No classical-only TLS paths for enterprise workloads.
CNSA 2.0
SP 800-208Firmware signing
Reproducible builds with signed release manifests. SBOM published per runtime version for procurement review.
Shipped
ParametersConfiguration
CNSA 2.0 default (ML-DSA-87 / ML-KEM-1024) for NSS. Lower parameters (ML-DSA-65 / ML-KEM-768) available for non-NSS deployments.
Configurable
§ 06 · Deployment by regulatory context Four regulatory contexts · specific control anchors for each

For the compliance team that already owns these frameworks.

Defense · intelligence · national security

CNSA 2.0 programs

Sovereign deployment with managed air-gap, classified-network compatible, CNSA 2.0 default signatures.

Frameworks: CNSA 2.0 · NIST SP 800-53 High · NIAP protection profiles
Buyer: Program security officer · authorizing official · ISSM
Financial services · market infrastructure

Model risk & algorithmic trading

Managed cloud routing with federated audit. Execution provenance for model risk committee review.

Frameworks: SR 11-7 · FFIEC · MiFID II Art. 17 · SOC 2 Type 2
Buyer: Head of model risk · CCO · operational risk lead
Life sciences · clinical research

Part 11 electronic records

IQ/OQ/PQ validation package, Part 11–compliant audit trail, electronic signature attestation.

Frameworks: 21 CFR Part 11 · EU GMP Annex 11 · ICH E6(R3)
Buyer: Head of quality · validation lead · Part 11 SME
National laboratories · federally funded research

FISMA & DOE compliance

Audit records aligned to the lab's existing FISMA boundary. Execution provenance for DOE peer review.

Frameworks: DOE Order 205.1C · FISMA · NIST SP 800-53 Moderate
Buyer: Cybersecurity program manager · designated approving authority
§ 07 · Pricing & access Priced below the compliance labor it replaces

Anchored to the cost of the alternative.

Anchor: Quantum execution provenance is currently handled — where it is handled at all — by 0.5 to 1 FTE of compliance analyst time per program, at roughly $120,000 to $180,000 per year in labor cost. Nuqasm is priced below that alternative at every tier.
Tier
Price
Includes
Action
Evaluate
$0 / no contract
20-qubit simulator, full sealing workflow, Qiskit / PennyLane / OpenQASM support, local ledger with 1-year retention. For compliance teams assessing the control gap.
Download runtime →
Standard
$80K–$120K / year
Simulator + cloud environments, 3-year audit retention, 5 compliance users, quarterly compliance reports, SOC 2 Type 2 evidence, full control mapping documentation.
Request quote →
Sovereign
$150K–$250K + UQBench CapEx from $200K
All environments including UQBench appliance, 7-year retention, unlimited users, custom audit templates, CNSA 2.0 default, classified-network compatible, dedicated compliance liaison.
Sovereign briefing →

No per-seat pricing for researchers. Price scales with environments, not people. Multi-year contracts available at discount for FedRAMP-authorized deployments. Pilot programs available for qualifying organizations, typically 90 days.

§ 08 · Next step Three doors · pick the one that fits your role

Self-serve to the document your team needs.

Compliance, security, and procurement teams work on different clocks with different evidence requirements. Each door below leads to the specific artifact or conversation that matches your role — without a forced sales call attached.

Direct contact

contact@nuqasm.com

engineering · not a shared inbox

01

Procurement packet

Full control mapping, SBOM, SOC 2 status, deployment architecture, pricing detail. Delivered as a PDF you can route to procurement, security, and legal simultaneously. No sales call attached.

Download PDF →
02

Technical briefing

30-minute call with engineering covering architecture, cryptographic implementation, audit record schema, SIEM integration. No commercial conversation — technical verification only.

Schedule briefing →
03

Pilot scoping

Commercial conversation with engineering lead and customer success. We map your regulatory context to our deployment options and size a 90-day pilot. Typically 45 minutes.

Request scoping →
FORM · request · v2 Classification · Internal