With NIST having finalized FIPS 203 (ML-KEM), 204 (ML-DSA), and 205 (SLH-DSA) in August 2024, we're starting to evaluate our NAC infrastructure for post-quantum readiness and wanted to get some clarity on where ISE currently stands.

I know ISE 3.3 introduced TLS 1.3 for the Admin GUI, and ISE 3.4 extended TLS 1.3 support to EAP-TLS and TEAP-TLS — which is a meaningful step since TLS 1.3 is a prerequisite for any PQC key exchange. What I'm trying to understand is whether ISE has gone further than just enabling TLS 1.3.

Specifically:

1. Does ISE 3.4 or 3.5 support any PQC key exchange mechanisms (KEMs) such as ML-KEM within EAP-TLS or TEAP-TLS sessions? Even a hybrid mode like X25519MLKEM768 (the group now default in Chrome and supported in most modern browsers) would count.

2. Is there any "PQC Ready" or "hybrid" cipher suite language in the ISE roadmap or release documentation that I may have missed? I'm specifically looking for references to KEM algorithms or hybrid TLS groups like X25519MLKEM768 in the context of EAP or RADSec.

3. For RADSec, ISE running TLS 1.3 on the RADIUS-over-TLS channel — is there any plan or existing support for PQC cipher groups on that channel?

Context: TLS 1.3 support on the AAA plane is the necessary first step, but the actual quantum vulnerability is in the key exchange, not the TLS version itself. AES-GCM bulk encryption is already quantum-resistant; it's the asymmetric key exchange (ECDH, RSA) negotiated during the TLS handshake that is exposed to harvest-now-decrypt-later attacks. So the question is specifically about whether ISE can negotiate ML-KEM or hybrid KEM groups during the EAP tunnel setup.

Any input from folks who have dug into the ISE 3.5 security settings or seen anything in the roadmap would be appreciated. TAC references or release note pointers welcome.