Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Quantum Readiness

Is your codebase quantum-ready?

Harvest-now, decrypt-later attacks are happening today. O3 finds every cryptographic asset in your stack, classifies it against CNSA 2.0, and gives you a migration roadmap before 2030 makes it urgent.

Get your assessment Explore CBOMkit
100+cryptographic algorithms detected
4-tierCNSA 2.0 classification system
2030RSA-2048 break-year estimate
<10minto first cryptographic finding
How it works

Three steps from unknown risk to clear roadmap.

01

Discover all cryptographic assets

O3 scans every repository, dependency, and infrastructure config to build a complete cryptographic bill of materials — every key, certificate, algorithm, and protocol in use.

02

Classify by CNSA 2.0 compliance

Each asset is mapped against the NSA CNSA 2.0 suite and NIST PQC standards. You see exactly which algorithms are quantum-vulnerable and when they expire.

03

Get your migration roadmap

A prioritized, dependency-aware migration plan — from highest-risk assets to lowest — so your team knows exactly what to replace and in what order.

The quantum threat timeline

The window to act is closing. Faster than most teams realize.

2024
Now
Harvest now, decrypt later
Nation-state actors are collecting encrypted traffic today to decrypt once quantum computers mature.
2025
Imminent
NIST PQC standards finalized
FIPS 203, 204, 205 are published. Compliance frameworks begin requiring PQC-ready systems.
2027
Approaching
Federal mandate deadline
US federal agencies required to inventory and migrate cryptographic assets. Enterprise follow-on mandates expected.
2030
Critical
RSA-2048 considered broken
Cryptographically relevant quantum computers reach threshold. RSA-2048, ECC P-256, and Diffie-Hellman become exploitable.

Book a quantum readiness assessment.

Our team maps your cryptographic exposure, scores it against CNSA 2.0, and delivers a prioritized migration plan in under two weeks.

Book assessment
FAQ

Questions,
answered.

Everything teams ask before rolling this out. Still stuck? Reach our team.

  • Post-quantum cryptography (PQC) refers to algorithms designed to resist attacks by quantum computers. It matters now because adversaries can already capture encrypted traffic today and decrypt it later when quantum computers mature. This is called harvest-now-decrypt-later. NIST published the first PQC standards in 2024 (FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA). The NSA CNSA 2.0 mandate deprecates RSA and ECDSA in US national security systems by 2030 and removes them entirely by 2033.
  • O3 scans source code, build artifacts, container images, infrastructure-as-code, HSM PKCS#11 configurations, TLS handshakes, and certificate stores. It identifies algorithms in use, key sizes, certificate chains, and crypto library versions across more than 100 algorithm types. Every finding is mapped to a quantum-readiness tier and a recommended PQC equivalent.
  • Tier 1 is broken or already weak in classical terms. Tier 2 is quantum-vulnerable and must be replaced before 2030. Tier 3 is hybrid-acceptable for transition. Tier 4 is NIST PQC standard (FIPS 203, 204, 205) and quantum-safe. Each finding includes an estimated break year and a recommended migration target.
  • Yes. The report aligns with NSA CNSA 2.0, NIST SP 800-208, BSI TR-02102, ENISA PQC guidance, and the cryptographic provisions in the EU Cyber Resilience Act. For Indian regulated industries, it covers the CERT-In v2.0 cryptographic inventory fields used in SBOM submissions.