Post-Quantum Cryptography (PQC) Compliance Standards

Key Compliance Mandates Shaping the Future of Cryptography

 

 

Post-Quantum Cryptography is Now a Compliance Imperative

As quantum computing advances from theoretical to inevitable, compliance with post-quantum cryptography (PQC) standards is now a critical priority for regulated organizations.

Governments around the world are issuing directives, guidance, and timelines to sunset vulnerable algorithms and mandate migration to quantum-resistant cryptographic solutions.

United States – NSM-10, OMB M-23-02, Quantum Cybersecurity Preparedness Act

National Mandates and Timeline

The U.S. federal government leads global efforts through:

  • NSM-10 – Requires all federal agencies to begin PQC migration and mitigate most quantum risk by 2035.
  • OMB M-23-02 – Mandates annual inventories of quantum-vulnerable systems through 2035, prioritized by High-Value Assets.
  • Quantum Cybersecurity Preparedness Act – Requires inventories and preparation of PQC migrations; OMB must issue guidance within one year of NIST final standards (released August 2024).
  • Executive Order 14144 – President Trump’s revised EO (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity”) maintains PQC urgency but streamlines the roadmap. It removes prescriptive agency mandates and delegates oversight to NSA and OMB. CISA and NSA must publish a list of quantum-safe product categories by December 1, 2025, with TLS 1.3 (or successor) adoption required by January 2, 2030.

NIST PQC Algorithm Standards (Finalized August 2024)

NIST officially released the first three PQC standards:

  • FIPS 203 – ML-KEM (Key Encapsulation)
  • FIPS 204 – ML-DSA (Digital Signatures)
  • FIPS 205 – SLH-DSA (Hash-based Signatures)

CMVP implementation guidance (IG 10.3.A) now mandates:

  • Self-tests and consistency checks
  • ACVP test tool support
  • Pair-wise consistency tests for validated FIPS 140-3 modules

This marks the start of the compliance clock across U.S. agencies.

IETF TLS Hybrid PQC Mode for FIPS 140-3

Why Hybrid Matters

Hybrid cryptographic approaches, combining traditional and PQC algorithms, offer transitional resilience. IETF’s Post-Quantum Use in Protocols (PQUIP) working group finalizes hybrid TLS and digital signature profiles.

FIPS 140-3 Support

Hybrid algorithms can now be validated under FIPS 140-3 as long as one component is NIST-approved (e.g., ML-DSA). This supports compatibility, downgrade resistance, and gradual integration.

NSA CNSA 2.0 – Cryptography for National Security Systems

CNSA 2.0, released in September 2022, establishes a post-quantum baseline for National Security Systems (NSS) and mandates a phased transition from RSA, ECDH, and other legacy public-key cryptography.

Transition Requirements

  • January 1, 2027: All new NSS acquisitions must be CNSA 2.0 compliant
  • December 31, 2025: Existing NSS must meet CNSA 1.0 or request a waiver
  • 2033: Final mandatory compliance date for most system types

Supported Algorithms

  • CRYSTALS-Kyber (ML-KEM)
  • CRYSTALS-Dilithium (ML-DSA)
  • LMS/XMSS (for signing)
  • AES-256, SHA-384/512 (symmetric)

SafeLogic Accelerates Your Path to Post-Quantum Compliance:

  • Certified drop-in modules
  • FIPS 140-3 + PQC support
  • CNSA 2.0 hybrid mode
  • CryptoComply PQ TLS
  • Ongoing compliance guidance

Ready to Migrate? SafeLogic Makes PQC Compliance Easy.

Let's talk about your PQC migration roadmap. Call us at 844-436-2797 or complete the form below.