SATCOM & Defence Teams · Free Tool
Ten questions. An instant cryptographic readiness score for satellite and command-and-control system operators. This tool assesses link encryption protocols, hardware update feasibility, key management infrastructure, and CNSA 2.0 compliance status to produce a tiered migration priority score aligned with NSA and NIST deadlines. No account required. No email or company details are transmitted or stored. Results data is anonymised.
This tool scores satellite communications and command-and-control system operators on their cryptographic migration readiness across seven weighted factors. The scoring model is aligned with CNSA 2.0 (NSA CNSSP-15 v2.1, December 2024), NSM-10 (May 2022), and NIST FIPS 203/204/205 migration guidance.
The seven factors are: operational domain (ground, airborne, maritime, space), link encryption protocol, hardware update feasibility, remaining operational lifetime, security classification level, key management infrastructure maturity, and current migration programme status. Each factor is weighted to reflect its relative contribution to migration urgency. Operational lifetime and hardware update feasibility carry the highest weights because they represent the longest-lead constraints in SATCOM migration programmes.
The output is a score from 0 to 100 and a readiness tier (Low, Moderate, High, or Critical urgency). A Critical score does not mean cryptographic failure is imminent. Current RSA and ECC implementations remain computationally secure. The risk is structural and prospective: the migration to ML-KEM-1024 and ML-DSA-87 must be planned and executed before a cryptographically relevant quantum computer exists, and hardware replacement programmes for space segment assets require seven to ten years from programme initiation to operational deployment.
This tool is a directional indicator based on self-reported information. It does not constitute a cryptographic audit, a penetration test, or a formal compliance assessment.
Quantum Security Defence does not collect, associate, or retain your name or your company name when you use these tools. All information is stored only for the duration of the browser session.
We collect only country, industry, and results data. This information is anonymised and cannot be associated with you or your company. Such anonymised data may be used for industry-level reporting, shared with members, incorporated into our research, and provided to government departments to support lobbying activity and the communication of industry readiness.
By using this tool, you consent to the provision of results data on a strictly anonymised basis. No personal name, email address, or company name is stored.
Which country does your satellite or C2 system operate from?
Country determines which regulatory frameworks and migration deadlines apply. US and NATO-allied operators face specific CNSA 2.0 and NSM-10 obligations for National Security Systems. Non-US/NATO operators face ITAR/EAR export control considerations and may follow ETSI or national guidance. Country does not affect the numerical score but determines which regulatory context panel appears on your results page.
Country is detected automatically from your connection and may be changed here. It is recorded anonymously alongside your results and cannot be associated with you or your organisation.
Which sector best describes your organisation?
Sector determines which compliance framework context appears on your results page. Defence and national security operators face CNSA 2.0 and NSM-10 obligations. Commercial operators face ITAR/EAR, ETSI, and contractual obligations with their satellite platform providers. Sector does not affect the numerical score.
The Industry selection is required and recorded anonymously. Your industry may impact your score. Be sure to choose your nearest industry category.
Add your name and organisation to personalise your PDF report.
This information is used only to generate your downloadable PDF report. It is stored in your browser session only and is never transmitted to any server. Your name and organisation will not be associated with your results in our records.
Your name and organisation are stored in your browser session only. They are used to personalise your PDF report and are never transmitted to any server or stored in our systems.
Which best describes the operational domain of the system you are assessing?
Select the option that most accurately describes the primary function and classification of the satellite or C2 system you are assessing. If you are assessing a ground-segment-only system with no direct space segment interface, select that option. This question determines the baseline risk profile for your system type and influences which regulatory context applies.
Which protocol is the primary link encryption mechanism used on this system?
Select the protocol that provides the primary cryptographic protection for your satellite uplink, downlink, or C2 data link. If multiple protocols are in use across different system segments, select the one covering the highest-classification traffic. If you use NSA Type 1 devices (KG-series or High Assurance Internet Protocol Encryptor equivalent), select that option regardless of the underlying waveform.
How feasible is a cryptographic update to the space segment hardware?
This question is the most operationally significant in the assessment. The space segment hardware update feasibility determines whether cryptographic migration is a software programme, a hardware replacement programme, or falls somewhere between the two. For ground-segment-only systems, select the ground segment option.
What is the expected remaining operational lifetime of the system being assessed?
For space segment assets, this is the expected time until end-of-life, deorbit, or scheduled replacement programme. For ground segment systems, this is the expected time until the next major infrastructure refresh. Remaining operational lifetime is compared against CNSA 2.0 migration deadlines (2027-2033 for NSS, per CNSSP-15 v2.1).
What is the highest security classification level handled by this system?
Classification level determines the scope of CNSA 2.0 obligations. NSA CNSA 2.0 applies to National Security Systems (NSS), defined under FISMA as systems that process classified information or are critical to defence or intelligence functions. Select the highest classification level that applies to any traffic or data this system handles.
Which key management infrastructure (KMI) does this system use?
Key management infrastructure is a critical dependency in any cryptographic migration. CNSA 2.0 requires migration to ML-KEM-1024 for key establishment in NSS. The KMI must support the new algorithms before tactical devices can be updated.
What is the current status of your CNSA 2.0 or post-quantum migration programme for this system?
CNSA 2.0, published by NSA in September 2022 and updated in CNSSP-15 v2.1 (December 2024), sets specific migration deadlines for National Security Systems. The updated milestones are: all new NSS acquisitions must support CNSA 2.0 by 2027; equipment unable to support CNSA 2.0 must be phased out by 2030; the vast majority of NSS cryptography must be quantum-resistant by 2031; web, cloud, and custom applications must be exclusive by 2033.
