Federal Agencies Set to Transition to Post-Quantum Cryptograph…

President Trump has signed an executive order mandating all federal agencies to transition their high-value assets and high-impact systems to post-quantum cryptography by specific deadlines. By December 31, 2030, these systems must adopt new key establishment protocols, while digital signatures must transition by December 31, 2031. This move is crucial to counter the 'harvest now, decrypt later' threat, where adversaries could potentially decrypt currently encrypted U.S. data in the future using large-scale quantum computers.

The executive order accelerates the timeline outlined in the 2022 National Security Memorandum 10 by several years. It aligns with the standards finalized by the National Institute of Standards and Technology (NIST) in August 2024, which include FIPS 203 for key establishment and FIPS 204 and 205 for digital signatures. These standards are now becoming actionable deadlines.

Federal agencies are under a tight schedule to meet these requirements. Within 30 days, each agency must appoint a PQC migration lead who will be responsible for managing the cryptographic inventory and migration plan. In 90 days, the Office of Management and Budget will issue guidance for agencies to evaluate and plan the migration of their high-value assets.

Furthermore, the Federal Acquisition Regulatory Council has 180 days to propose rules requiring 'covered contractors' to comply with NIST's FIPS by the end of 2030. Another rule is expected in 270 days to incorporate cryptographic vulnerabilities into contractor disclosure programs. Sector Risk Management Agencies and the Cybersecurity and Infrastructure Security Agency are tasked with assisting critical infrastructure operators in planning their own migrations.

Additionally, within 270 days, CISA and NIST will release the minimum elements for a cryptographic bill of materials, essential for inventory management and ensuring that agencies can adapt to new cryptographic standards swiftly. This push towards post-quantum cryptography is complemented by another order signed by the President, which emphasizes developing quantum computing capabilities. The effectiveness of these measures will be determined by the forthcoming guidance and rules, which will dictate federal procurement and compliance pressures by 2030 and 2031.

The week in cyber,
minus the noise.

Every Wednesday, our AI scans hundreds of sources and surfaces only the cybersecurity stories that actually matter. Free, and built to be read in five minutes.

50+ sources, one digestNo hype, no fillerA five-minute read

Federal Agencies Set to Transition to Post-Quantum Cryptography by 2031

The Wednesday dispatch

Enjoyed this read?

Our AI distills the week's cybersecurity news into one email, free every Wednesday. No noise, no spam.

sec-news.ai

Federal Agencies Set to Transition to Post-Quantum Cryptography by 2031

Executive Summary

Actionable Insights

The week in cyber,
minus the noise.

CVE intelligence on a budget

Federal Agencies Set to Transition to Post-Quantum Cryptography by 2031

Enjoyed this read?

Executive Summary

Actionable Insights

The week in cyber, minus the noise.

Related dispatches

LastPass Breach Highlights Vulnerabilities in Klue Supply Chain

Critical Backdoor Discovered in ShapedPlugin WordPress Pro Plugins

Massive Credential Theft Targets FortiGate Firewalls, Puts Enterprises at Risk

CVE intelligence on a budget

Federal Agencies Set to Transition to Post-Quantum Cryptography by 2031

Enjoyed this read?

The week in cyber,
minus the noise.