PQHorizon
NIST IR 8547 · FIPS 203 / 204 · CNSA 2.0 deadline 2029

Nation-states are recording your encrypted traffic today to decrypt it once quantum hardware matures.

See what breaks before your auditor asks. PQHorizon builds a defensible cryptographic inventory and maps every finding to the NIST PQ migration standards — before your 2029 deadline turns into a fire drill.

Harvest-now-decrypt-later
Active today
Federal PQ deadline
2029 (CNSA 2.0)
Avg. cert lifetime
90–398 days
01 · Free preview

Run a real PQ-readiness check on any public domain.

A live TLS handshake from our server. No agents, no credentials, no fabricated findings — just what's negotiable over the public internet, mapped to NIST migration guidance.

The free preview inspects only publicly reachable TLS on port 443. No authenticated access is performed, and no scan data is stored.

What a full scan also surfaces

The free preview is public TLS only. A full PQHorizon scan covers your whole crypto footprint with continuous monitoring for drift.

Source-repo crypto

GitHub / GitLab read-only scan for RSA/ECC usage, hard-coded keys, and pinned-but-classical TLS clients.

findings— —
Dependency manifests

OpenSSL, BoringSSL, libsodium, JCE providers — flagged by version against PQ-capable releases.

findings— —
Cloud KMS & certs

AWS KMS, Azure Key Vault, GCP CMEK. Inventory of key algorithms, cert templates, and ACM/Let's Encrypt usage.

findings— —
Harvest-now-decrypt-later

Long-lived data exposure track: which datasets remain confidential past 2030 and rely on classical KEX in transit.

findings— —
02 · How it works

A defensible inventory, not a hype deck.

Discover

One read-only scan maps your full cryptographic footprint: TLS endpoints, certs, repos, dependencies, and cloud KMS.

Prioritize

Every finding is mapped to NIST FIPS 203/204 and CNSA 2.0 timelines, with a replacement priority — not a 200-page PDF.

Stay ready

Continuous monitoring catches new certs, repos, and dependencies as they ship. Not a one-time snapshot.

03 · Full scan

Book your full cryptographic inventory.

We'll reach out within one business day to scope a read-only scan across your repos, dependencies, and cloud KMS.

PQHorizon

Built for teams too small for a six-figure PKI platform, too exposed to wait.

The free preview inspects only public TLS endpoints, performs no authenticated access, and stores no scan data. Not legal or compliance advice.