NSA Commercial National Security Algorithm Suite 2.0
- Issuer: National Security Agency (NSA)
- Effective date: Sep 7, 2022
- Published date: Sep 7, 2022
Summary
NSA's Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) mandates transition timelines for National Security Systems (NSS) to post-quantum cryptographic algorithms. It supersedes CNSA 1.0 and establishes ML-KEM and ML-DSA as the required algorithms for NSS, with phased adoption milestones across firmware, software, and network equipment. The 2025 software and firmware deadline has passed; NSS networking equipment transitions are now active.
PKI impact
CNSA 2.0 mandates replacement of RSA and ECDSA in National Security Systems with hard government deadlines, directly forcing re-issuance of all PKI trust anchors and end-entity certificates within scope. The 2025 software/firmware deadline has passed, meaning NSS operators must now demonstrate documented progress. PIV/CAC credentials used in NSS identity infrastructure require re-issuance under ML-DSA to remain compliant by 2033.
Migration hints
- Inventory all X.509 certificates used in NSS environments — TLS/SSL endpoints, code-signing certificates, CA certificates, and PIV/CAC credentials — and map each to its classical algorithm for prioritization.
- Replace ECDSA/RSA certificates with ML-DSA-signed equivalents; ML-DSA-87 (security level 5) is mandated for most NSS applications.
- Re-key Root CAs with ML-DSA key pairs and distribute updated trust anchors to all NSS endpoints before issuing subordinate PQC certificates.
- For firmware and software signing, evaluate LMS/HSS (NSA preferred) or SLH-DSA; implement stateful key management infrastructure before deploying LMS.
- Coordinate PIV/CAC re-issuance with your agency identity management program — CNSA 2.0 compliance for personnel authentication credentials requires new key pairs, new certificates, and card re-issuance logistics.
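An added example for the inventory step in the first hint (not NSA's or this page's own code): it reads the outer signatureAlgorithm OID from DER-encoded certificates and sorts them so classical RSA/ECDSA entries come first. The sample inputs are constructed DER skeletons, and the labels and bucket names are assumptions of this example.

```python
# Added example: bucket DER certificates by their outer signatureAlgorithm OID.
# SAMPLES are constructed DER skeletons (empty tbsCertificate), not real certs.
SIG_OIDS = {  # OID -> (name, bucket); bucket names are this example's own
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "classical"),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", "classical"),
    "2.16.840.1.101.3.4.3.18": ("ML-DSA-65", "pqc-not-level-5"),
    "2.16.840.1.101.3.4.3.19": ("ML-DSA-87", "ml-dsa-87"),
}
SAMPLES = {  # hypothetical labels
    "legacy-root": bytes.fromhex("30143000300d06092a864886f70d01010b0500030100"),
    "tls-endpoint": bytes.fromhex("30113000300a06082a8648ce3d040303030100"),
    "pqc-sub-ca": bytes.fromhex("30123000300b0609608648016503040313030100"),
}
PRIORITY = {"classical": 0, "unknown": 1, "pqc-not-level-5": 2, "ml-dsa-87": 3}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def decode_oid(body):  # first two arcs assumed to fit in one octet
    arcs, acc = [min(body[0] // 40, 2)], 0
    arcs.append(body[0] - 40 * arcs[0])
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):  # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    tag, start, _ = read_tlv(cert_der, 0)
    _, _, tbs_end = read_tlv(cert_der, start)  # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)  # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a DER certificate")
    return decode_oid(cert_der[oid_start:oid_end])

def inventory(certs):  # rows of (label, algorithm, bucket), classical first
    rows = []
    for label, der in certs.items():
        oid = signature_oid(der)
        rows.append((label, *SIG_OIDS.get(oid, (oid, "unknown"))))
    return sorted(rows, key=lambda r: (PRIORITY[r[2]], r[0]))
```

This reports the algorithm the issuer used to sign each certificate; a full inventory would also record the subject key algorithm from subjectPublicKeyInfo. PEM files must be base64-decoded to DER before being passed in.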
Trust chain considerations
- Root CAs operating in NSS must be re-keyed with ML-DSA; any existing ECDSA or RSA root will be non-compliant when the 2033 full-compliance deadline arrives.
- Intermediate and subordinate CAs must be re-issued under the new PQC root trust anchors — a cascading re-issuance of the entire subordinate hierarchy is required.
Milestones (3)
| Deadline | Label | Type | Hard | Notes |
|---|---|---|---|---|
| Jan 1, 2025 (overdue) | Software & Firmware: Begin PQC adoption | Begin Migration | | NSS software and firmware must begin incorporating CNSA 2.0 algorithms. Deadline passed January 2025. |
| Jan 1, 2026 (overdue) | Networking Equipment: Begin PQC adoption | Begin Migration | | NSS networking equipment must begin CNSA 2.0 transition. Deadline passed January 2026. |
| Jan 1, 2033 | All NSS: Full CNSA 2.0 compliance | Full Compliance | | All National Security Systems must exclusively use CNSA 2.0 algorithms by 2033. |
Algorithm references (5)
- ML-KEM (FIPS 203): Required
  Replaces: RSA, ECDH
  Required for key establishment in NSS. ML-KEM-1024 mandated for TOP SECRET systems.
- ML-DSA (FIPS 204): Required
  Replaces: RSA, ECDSA
  Required for digital signatures in NSS. ML-DSA-87 (level 5) mandated for most applications.
- SLH-DSA (FIPS 205): Recommended
  Replaces: RSA, ECDSA
  Acceptable stateless alternative for firmware signing where the hash-based security proof is preferred.
- XMSS (SP 800-208): Recommended
  Replaces: RSA, ECDSA
  Approved for firmware and software signing in NSS where stateful operation is carefully managed.
- LMS / HSS (SP 800-208): Recommended
  Replaces: RSA, ECDSA
  Approved for firmware and software signing in NSS. Preferred stateful hash-based option for code signing use cases.
Changelog (4)
| Date | Type | Description |
|---|---|---|
| Jan 15, 2026 | Status | NSA confirmed CNSA 2.0 timelines remain in effect. The January 2025 software/firmware Begin Migration deadline passed; NSA noted that National Security System operators are expected to show documented progress toward CNSA 2.0 adoption. |
| Jan 1, 2026 | Status | Networking equipment Begin Migration deadline reached. NSS network equipment vendors are required to have begun the CNSA 2.0 transition. |
| Jan 1, 2025 | Status | Software and firmware Begin Migration deadline reached. NSS software and firmware vendors are required to have begun CNSA 2.0 algorithm integration. |
| Sep 7, 2022 | New | CNSA 2.0 published, superseding CNSA 1.0. Introduced PQC algorithm requirements and transition timelines for NSS. |
Issuer
National Security Agency (NSA)
Type: GOVERNMENT
Region: US