The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) recently published a factsheet about the impacts of quantum capabilities. The agencies urge all organizations, especially those that support critical infrastructure, to begin early planning for migration to post-quantum cryptographic (PQC) standards by developing their own quantum-readiness roadmap.
The first set of PQC standards to protect against future, potentially adversarial, cryptanalytically-relevant quantum computer capabilities are being developed by NIST and planned for release in 2024. Having a roadmap and inventory enables an organization to begin the quantum risk assessment processes and provides needed visibility of application and functional dependencies on public-key cryptography that exist within their operational environment.
The joint factsheet, “Quantum-Readiness: Migration to Post-Quantum Cryptography” provides necessary steps and guidance to help organizations establish their own quantum-readiness roadmap. The new resource will help organizations understand how to prepare a cryptographic inventory, engage with technology vendors, and assess their supply chain reliance on quantum-vulnerable cryptography in systems and assets.
The factsheet also provides recommendations for technology vendors whose products support the use of quantum-vulnerable cryptography, including by reviewing the NIST-published draft PQC standards, ensuring products use post-quantum cryptographic algorithms, and preparing to quickly support forthcoming final NIST PQC standards.