Federal Agencies Urge Organizations to Prepare for Post-Quantum Transition

The Cybersecurity and Infrastructure Security Agency, the National Security Agency and the National Institute of Standards and Technology have issued a factsheet on quantum capabilities and are encouraging organizations to start developing readiness strategies ahead of a transition to post-quantum cryptography.

CISA Director Jen Easterly, a 2023 Wash100 awardee, emphasized that critical infrastructure organizations in particular should start preparing for PQC migration. She said her organization’s objective is to ensure that public and private-sector entities have the resources and capabilities to properly transition.

The guidance lists steps organizations can take to create a quantum-readiness roadmap, such as creating a cryptographic inventory, interacting with technology vendors and evaluating the reliance of their supply chains on quantum-vulnerable security.

According to CISA, organizations can commence quantum risk assessments and gain visibility into application and functional dependencies on public-key cryptography in their environments if they have roadmaps and inventories in place.

NIST is planning to release an initial set of standards to protect against quantum capabilities in 2024, CISA said Monday.