PQC Readiness

Post-Quantum Cryptography migration readiness and CNSA 2.0 compliance

Start PQC Assessment Generate Migration Plan View CBOM

Readiness Tier

Moderate Risk

Migration underway but incomplete. Continue replacing vulnerable algorithms.

PQC Readiness Score

72/100

Based on 3 assessments (2 completed)

Cryptographic Inventory

15 algorithms

8 vulnerable3 hybrid4 safe

Vulnerable (8)

RSA-2048RSA-4096ECDSA P-256ECDSA P-384DH-2048ECDH P-256Ed25519X25519

Transitioning (3)

X25519+ML-KEM-768 (hybrid)ECDSA+ML-DSA-65 (hybrid)RSA-3072+ML-KEM-768 (hybrid)

Safe (4)

ML-KEM-768AES-256-GCMSHA-3-256SHA-256

Migration Progress

Track your PQC migration across the five key phases

1Cryptographic Inventory100%

2Vulnerability Assessment80%

3Migration Planning60%

4Implementation20%

5Verification & Testing0%

CNSA 2.0 Alignment

NSA Commercial National Security Algorithm Suite 2.0 requirement checklist

ML-KEM (FIPS 203) for key encapsulation

ML-KEM-768 deployed for internal key exchange.

Met

ML-DSA (FIPS 204) for digital signatures

ML-DSA-65 used for code signing pipeline.

Met

SLH-DSA (FIPS 205) for stateless hash-based signatures

SLH-DSA-SHA2-128s configured for firmware signing.

Met

AES-256 for symmetric encryption

Some legacy services still use AES-128.

Not Met

SHA-384+ for hashing

SHA-256 in use; SHA-384 migration pending.

Not Met

XMSS/LMS for stateful hash-based signatures

Not yet evaluated for deployment.

Not Met

Hybrid key exchange for TLS 1.3

TLS endpoints not yet configured for hybrid mode.

Not Met

CNSA 2.0 Compliance:3 / 7 requirements met

PQC Readiness

Post-Quantum Cryptography migration readiness and CNSA 2.0 compliance

Start PQC Assessment Generate Migration Plan View CBOM

Readiness Tier

Moderate Risk

Migration underway but incomplete. Continue replacing vulnerable algorithms.

PQC Readiness Score

72/100

Based on 3 assessments (2 completed)

Cryptographic Inventory

15 algorithms

8 vulnerable3 hybrid4 safe

Vulnerable (8)

RSA-2048RSA-4096ECDSA P-256ECDSA P-384DH-2048ECDH P-256Ed25519X25519

Transitioning (3)

X25519+ML-KEM-768 (hybrid)ECDSA+ML-DSA-65 (hybrid)RSA-3072+ML-KEM-768 (hybrid)

Safe (4)

ML-KEM-768AES-256-GCMSHA-3-256SHA-256

Migration Progress

Track your PQC migration across the five key phases

1Cryptographic Inventory100%

2Vulnerability Assessment80%

3Migration Planning60%

4Implementation20%

5Verification & Testing0%

CNSA 2.0 Alignment

NSA Commercial National Security Algorithm Suite 2.0 requirement checklist

ML-KEM (FIPS 203) for key encapsulation

ML-KEM-768 deployed for internal key exchange.

Met

ML-DSA (FIPS 204) for digital signatures

ML-DSA-65 used for code signing pipeline.

Met

SLH-DSA (FIPS 205) for stateless hash-based signatures

SLH-DSA-SHA2-128s configured for firmware signing.

Met

AES-256 for symmetric encryption

Some legacy services still use AES-128.

Not Met

SHA-384+ for hashing

SHA-256 in use; SHA-384 migration pending.

Not Met

XMSS/LMS for stateful hash-based signatures

Not yet evaluated for deployment.

Not Met

Hybrid key exchange for TLS 1.3

TLS endpoints not yet configured for hybrid mode.

Not Met

CNSA 2.0 Compliance:3 / 7 requirements met