NIST.gov (Compliance Reference)
nist.gov:443 · 2026-04-17 · Pentest
1 Critical
Executive Summary
CLASSICAL
Classification
TLSv1.3
TLS Version
unknown
Key Exchange
EC
Certificate
50
Risk Score
1 Critical
1 Medium
Findings
CRITICAL
Classical TLS Key Exchange on nist.gov:443
Harvest window
~10 years
~10 years
The endpoint nist.gov:443 negotiates TLS using a classical key exchange group (EC certificate). This is vulnerable to harvest-now-decrypt-later attacks. A quantum adversary recording this traffic today can decrypt it in approximately 10 years when cryptographically relevant quantum computers arrive.
Remediation:
Deploy Qveil in front of this endpoint to add ML-KEM-768 hybrid TLS. Zero backend changes required. Alternatively, migrate to a PQC-capable TLS stack.
SC-8SC-13SC-23
SC.3.177SC.3.185
MEDIUM
ECDSA Certificate on nist.gov:443
Harvest window
~12 years
~12 years
The certificate at nist.gov:443 uses ECDSA, which is vulnerable to Shor's algorithm on a quantum computer. While more resistant than RSA, ECDSA certificates will become forgeable as quantum computing matures.
Remediation:
Migrate to ML-DSA-65 certificates via Qid.
SC-8SC-17
SC.3.177