Government Mandates
What does NIST say?
Many of the public-key cryptographic standards we use today will be vulnerable to attacks from a large-scale quantum computer. To address this threat, the United States National Institute of Standards and Technology (NIST) initiated a rigorous process in 2016 to select quantum-resistant cryptographic algorithms to standardize.
Join us at this talk which will review this NIST PQC standardization effort, which culminated in the publication of the first set of PQC standards in August 2024, with ML-KEM, ML-DSA, and SLH-DSA. The talk will also detail the ongoing standardization of additional signature scheme(s), called “the on-ramp”, and the selection of HQC for an additional KEM standard.
Crucially, the talk will outline the necessary transition to those new standards. Migration timelines are given in NIST IR 8547, which proposes that currently approved quantum-vulnerable public-key algorithms will be disallowed after 2035. The talk will showcase the efforts of the National Cybersecurity Centre of Excellence’s Migration to PQC project, which is helping the community by tackling adoption issues, testing how different systems work together, and providing advice to speed up the global shift to secure cryptography against quantum threats.
Register HERE.
This webinar is presented by Quynh Dang who is a member of the Cryptographic Technology Group (CTG) at National Institute of Standards and Technology (NIST). He has worked in the field of applied cryptography for 20+ years. His interests include symmetric key, asymmetric key and post-quantum cryptography, and protocol security.
We will link to the video here once it has been presented.
Global Mandates
John Preuß Mattsson, an expert in cryptographic algorithms and security protocols at Ericsson recently did the following talk.
Abstract:
The mobile industry, with its unique characteristics, has been preparing for the transition to quantum-resistant cryptography for many years. As truly global standards, 4G and 5G require algorithms that are universally trusted and secure across all regions. Mobile networks are considered critical infrastructure, heavily regulated, and expected to adhere to government recommendations for migration timelines. However, performance and costs remain high priorities, which differs from national security systems. Hardware like base stations has a long lifecycle, often remaining in service for decades. 5G and 6G standards, heavily reliant on IETF standards for public-key cryptography, will introduce quantum-resistant algorithms in 2027–2028, and 6G will be quantum-resistant by design.
.
US Government Mandates
Governments around the world — including the U.S. through NIST and the Office of Management and Budget (OMB) — are now mandating that organizations begin transitioning to and actively monitoring the use of post-quantum cryptography. These mandates aren’t optional — and for good reason. They are a response to the very real threat posed by quantum computing’s ability to break today’s public-key encryption. Agencies and contractors are now required to identify where classical algorithms like RSA and ECC are still in use, report on cryptographic inventory, and ensure that systems are prepared to adopt quantum-resistant alternatives. Monitoring isn’t just about compliance — it’s about securing data that needs to remain confidential for years to come.
Use our Cryptographic Inventory product to meet these mandates.
From the US Government Executive Order
(i) By December 1, 2025, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), and in consultation with the Director of the National Security Agency, shall release and thereafter regularly update a list of product categories in which products that support post-quantum cryptography (PQC) are widely available.
US Government Executive Order: Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144