The Government NIST Post-Quantum Deadline: What You Need to Know
The federal government has not been subtle about post-quantum migration requirements. Across multiple presidential directives, agency memoranda, and standards publications, the message is consistent: migrate to post-quantum cryptography, migrate now, and document your progress. The organizations that treat this as a future concern are misreading the policy landscape. The deadlines are not approaching. For several categories of systems, they have already arrived.
The Policy Framework
National Security Memorandum 10 (NSM-10) -- May 2022
NSM-10, signed by the President, established the foundational requirement for federal post-quantum migration. The memorandum directed agencies to inventory their cryptographic systems, identify quantum-vulnerable dependencies, and develop migration plans. NSM-10 was not advisory. It was a presidential directive with the force of policy. It assigned specific responsibilities to NIST, NSA, CISA, and individual agency heads.
NSM-10 recognized that the quantum computing threat is real, that the migration timeline will take years, and that the migration must begin before quantum computers arrive. The memorandum explicitly identified harvest-now-decrypt-later as a current threat, not a future one, noting that adversaries are already collecting encrypted data for future decryption.
OMB Memorandum M-23-02 -- November 2022
OMB M-23-02 provided the implementation framework for NSM-10. It required each federal agency to submit a cryptographic inventory to CISA and OMB by May 2023. The inventory must identify all systems that use public-key cryptography, the specific algorithms in use, the data sensitivity levels, and the replacement priority.
M-23-02 also required agencies to develop migration project plans that include timelines, milestones, resource requirements, and risk assessments. These plans must prioritize the transition of the most sensitive systems first. The memorandum made clear that agencies should not wait for a complete solution to begin migration; they should start with available tools and iterate.
CNSA 2.0 -- September 2022
The NSA's Commercial National Security Algorithm Suite 2.0 provides the most concrete timeline for National Security Systems (NSS). CNSA 2.0 specifies the following transition dates:
By 2025: Software and firmware signing must use CNSA 2.0 algorithms. Web servers, cloud services, and other networking equipment must support CNSA 2.0 key establishment.
By 2026: Network equipment (routers, VPN concentrators, firewalls) must use CNSA 2.0 algorithms for key establishment.
By 2027: Operating systems must support CNSA 2.0. Custom applications must be migrated.
By 2030: All remaining National Security Systems must complete transition to CNSA 2.0 algorithms.
These are not aspirational goals. They are requirements for systems that process classified information. The NSA has the authority to decertify systems that do not comply, effectively prohibiting their use for classified processing.
NIST FIPS 203, 204, and 205 -- August 2024
NIST finalized the three post-quantum cryptographic standards in August 2024. FIPS 203 (ML-KEM) standardizes lattice-based key encapsulation. FIPS 204 (ML-DSA) standardizes lattice-based digital signatures. FIPS 205 (SLH-DSA) standardizes hash-based signatures. These are final, published standards with assigned FIPS numbers. Federal agencies procuring new systems must require FIPS 203/204/205 support.
FedRAMP Implications
FedRAMP (Federal Risk and Authorization Management Program) governs the security authorization of cloud services used by federal agencies. As FIPS 203/204/205 become mandatory for federal systems, FedRAMP authorization requirements will incorporate post-quantum cryptographic controls.
Cloud service providers (CSPs) seeking or maintaining FedRAMP authorization should expect post-quantum requirements to appear in the FedRAMP baseline controls within the next two years. CSPs that proactively implement post-quantum controls gain a competitive advantage in the federal market. CSPs that wait will face a compressed compliance timeline when the requirements become mandatory.
For CSPs, an overlay approach provides a practical path: add post-quantum attestation to existing FedRAMP-authorized services without requiring re-authorization of the underlying platform. The attestation layer can be authorized as a separate component, accelerating the path to post-quantum compliance.
What Agencies Must Do Now
Complete the Cryptographic Inventory
If your agency has not completed the cryptographic inventory required by M-23-02, this is overdue. The inventory must identify every system that uses RSA, ECDH, ECDSA, or other quantum-vulnerable algorithms. It must include key sizes, protocol versions, data sensitivity classifications, and interconnections with other systems.
The inventory is not just a compliance exercise. It is the foundation for the migration plan. Without a complete inventory, you cannot prioritize systems, estimate costs, or track progress.
Prioritize High-Value Targets
Not all systems carry equal quantum risk. Systems that process classified information, personally identifiable information (PII), protected health information (PHI), law enforcement sensitive information, or financial data have the highest priority. Systems with long data retention requirements have higher priority than systems with ephemeral data.
Systems that communicate with external parties (other agencies, contractors, foreign governments) have higher priority because their traffic is more likely to be intercepted and stored for future decryption.
Enable Hybrid Key Exchange
The single most impactful action agencies can take today is enabling hybrid post-quantum key exchange on all TLS connections. This protects against harvest-now-decrypt-later for all new sessions. Major web servers and TLS libraries already support hybrid ML-KEM key exchange. Enabling it is a configuration change.
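As an added example serving both the inventory step above and this one (not code from the original article or from the H33 product), the following Python helper turns the output of `openssl s_client` into the fields an M-23-02 inventory needs and checks whether an endpoint already negotiates hybrid ML-KEM key exchange. It assumes OpenSSL 3.5 or later on the probing host (the `X25519MLKEM768` group name and the `Negotiated TLS1.3 group:` output line come from that version); the embedded sample output is constructed, not a real capture.

```python
import re
import subprocess
# Hybrid ML-KEM group names as OpenSSL 3.5+ reports them (assumption: the probed
# stack is OpenSSL; other stacks may label the same groups differently).
HYBRID_PQ_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
QUANTUM_VULNERABLE_SIGS = {"RSA", "RSA-PSS", "ECDSA"}  # broken by Shor; ML-DSA/SLH-DSA are not

# Constructed sample of `openssl s_client` output (not a real capture): a server that
# already negotiates hybrid key exchange but still authenticates with an RSA key.
SAMPLE_OUTPUT = """\
CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Peer signature type: RSA-PSS
Negotiated TLS1.3 group: X25519MLKEM768
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
"""
def parse_s_client(output: str) -> dict:
    """Extract the inventory fields; a field absent from the output becomes None/0."""
    def grab(pattern: str):
        m = re.search(pattern, output, re.MULTILINE)
        return m.group(1) if m else None
    return {
        "protocol": grab(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": grab(r"^\s*Cipher\s*:\s*(\S+)"),
        "group": grab(r"^Negotiated TLS1\.3 group:\s*(\S+)"),
        "sig_type": grab(r"^Peer signature type:\s*(\S+)"),
        "key_bits": int(grab(r"^Server public key is (\d+) bit") or 0),
    }

def assess(record: dict) -> dict:
    """Flag quantum-vulnerable key exchange (HNDL exposure) and authentication."""
    hybrid = record["group"] in HYBRID_PQ_GROUPS
    sig_vulnerable = record["sig_type"] in QUANTUM_VULNERABLE_SIGS
    findings = []
    if not hybrid:
        findings.append(f"key exchange group {record['group']} is not hybrid PQ (HNDL exposure)")
    if sig_vulnerable:
        findings.append(f"authentication uses {record['sig_type']} with a {record['key_bits']}-bit key")
    return {**record, "hybrid_kex": hybrid,
            "sig_quantum_vulnerable": sig_vulnerable, "findings": findings}
def probe(host: str, port: int = 443) -> dict:
    """Live check: offer the hybrid group first so a capable server will choose it."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host,
           "-groups", "X25519MLKEM768:X25519:prime256v1"]
    out = subprocess.run(cmd, input=b"", capture_output=True, timeout=15).stdout
    return assess(parse_s_client(out.decode(errors="replace")))
```

Running `assess(parse_s_client(SAMPLE_OUTPUT))` on the sample reports the key exchange as hybrid but still lists the RSA-PSS authentication as a finding, which is the usual state of a server after the configuration change: harvest-now-decrypt-later is closed for new sessions while signature migration remains on the plan.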
Deploy Post-Quantum Attestation
For agencies that need post-quantum protection for data integrity and provenance (audit trails, document signing, inter-agency communication), H33-74 attestation provides an overlay that adds three-family post-quantum signatures without modifying existing systems.
Plan for Procurement
Agencies must update procurement language to require FIPS 203/204/205 support in all new IT acquisitions. Systems procured today without post-quantum capability will need costly retrofitting within their operational lifetime. Including PQ requirements in procurement now avoids this future expense.
Contractor and Vendor Requirements
Government contractors face the same post-quantum requirements as the agencies they serve. DFARS (Defense Federal Acquisition Regulation Supplement) clauses will increasingly require post-quantum cryptographic controls, particularly for contractors handling Controlled Unclassified Information (CUI) and classified information.
Contractors should proactively implement post-quantum controls rather than waiting for contract-specific requirements. Contractors that can demonstrate post-quantum capability gain a competitive advantage in proposal evaluations. The CMMC (Cybersecurity Maturity Model Certification) framework is expected to incorporate post-quantum requirements in future revisions.
The Cost of Non-Compliance
For federal agencies, non-compliance with post-quantum requirements carries consequences beyond regulatory fines. Systems that do not meet CNSA 2.0 requirements may lose their authorization to process classified information. Agencies that fail to complete migration by the specified deadlines face IG (Inspector General) audit findings, congressional scrutiny, and potential budget implications.
For contractors, non-compliance risks contract termination, debarment, and False Claims Act liability if post-quantum controls were represented in contract deliverables but not actually implemented.
The federal post-quantum timeline is not a suggestion. It is a series of enforceable requirements with real consequences for non-compliance. The agencies and contractors that act now will meet the deadlines. Those that delay will not. The question is not whether to migrate. The question is whether to migrate on schedule or face the consequences of missing the deadline.
Meet Federal PQ Requirements
H33 provides FIPS 203/204/205 compliant post-quantum attestation. Overlay deployment. No infrastructure rebuild.