Search

NIST / US_FEDERAL

NIST Internal Report 8547 provides guidance on transitioning from classical public-key cryptographic algorithms (RSA, ECDSA, ECDH, DH) to the post-quantum standards defined in FIPS 203, 204, 205, and 206. It identifies classical algorithms slated for deprecation and establishes a timeline for disallowing their use in federal systems. The final version was published in 2025 following the initial public draft of November 2024.

CISA / US_FEDERAL

CISA's Post-Quantum Cryptography Initiative provides guidance, tooling, and resources to help federal agencies and critical infrastructure operators assess quantum risk and migrate to post-quantum cryptography. It includes the PQC Roadmap, sector-specific guidance, and collaboration with NSA and NIST on transition planning. CISA also operates the PQC Coalition to share threat intelligence and migration best practices with the private sector.

OMB / US_FEDERAL

OMB Memorandum M-23-02 directs federal agencies to inventory cryptographic systems and prioritize migration to post-quantum cryptography in accordance with NIST standards. Agencies must identify systems that use public-key cryptography and create actionable migration plans. The memo responds to National Security Memorandum NSM-10 and aligns with OMB's broader zero-trust strategy. All inventory and migration plan deadlines have now passed.

NSA / US_FEDERAL

NSA's Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) mandates transition timelines for National Security Systems (NSS) to post-quantum cryptographic algorithms. It supersedes CNSA 1.0 and establishes ML-KEM and ML-DSA as the required algorithms for NSS, with phased adoption milestones across firmware, software, and network equipment. The 2025 software and firmware deadline has passed; NSS networking equipment transitions are now active.

NIST / US_FEDERAL

NIST Special Publication 800-208 approves XMSS (RFC 8391) and LMS/HSS (RFC 8554) as stateful hash-based digital signature schemes for use in US federal information systems. These algorithms provide quantum-resistant signatures based solely on the security of cryptographic hash functions, with no reliance on structured algebraic hardness assumptions. Approved specifically for firmware and software signing use cases where signing volume is low and state can be managed carefully.

BSI / GERMANY

The German Federal Office for Information Security (BSI) provides a comprehensive migration guide for transitioning to post-quantum cryptography. BSI endorses a hybrid approach combining classical and PQC algorithms during the transition period and recommends NIST-standardised algorithms. The BSI technical guidelines (BSI TR-02102) are updated to incorporate ML-KEM and ML-DSA as recommended algorithms for German federal systems and industry.

NCSC / UK

The UK National Cyber Security Centre (NCSC) provides guidance on migrating to post-quantum cryptography, urging UK organisations to begin planning immediately. The NCSC recommends following NIST-standardised PQC algorithms and adopting a hybrid approach during transition. Aligned with the UK Government Cyber Security Strategy 2022–2030, the guidance targets government departments, critical national infrastructure operators, and large enterprises.

ANSSI / FRANCE

France's ANSSI published a position paper recommending a hybrid cryptographic approach during the PQC transition period, combining classical algorithms with post-quantum algorithms to ensure security even if newly-standardised PQC algorithms later prove vulnerable. ANSSI supports migration to NIST PQC standards but advocates retaining classical protection until PQC algorithms have accumulated sufficient real-world operational validation.

CRYPTREC / JAPAN

Japan's Cryptography Research and Evaluation Committees (CRYPTREC) published guidelines on post-quantum cryptography readiness for Japanese government systems and industry, and updated the e-Government Recommended Ciphers List in 2025 to include NIST PQC algorithms. CRYPTREC's evaluation process monitors international PQC standardisation and provides recommendations aligned with NIST FIPS 203, 204, 205, and 206.

CSA / SINGAPORE

The Cyber Security Agency of Singapore (CSA) has published advisory guidance encouraging organisations to begin preparing for the post-quantum transition. CSA recommends following NIST PQC standards (FIPS 203, 204, 205), adopting cryptographic agility, and conducting cryptographic asset inventories. The advisory targets Singapore government agencies, financial institutions, and critical information infrastructure operators.

ASD / AUSTRALIA

The Australian Signals Directorate (ASD) advises Australian government agencies and critical infrastructure operators to plan for post-quantum cryptography migration in alignment with NSA CNSA 2.0 and NIST PQC standards. ASD recommends ML-KEM and ML-DSA for new systems and urges organisations to complete cryptographic inventories and embed cryptographic agility into procurement processes.

ENISA / EU

The EU Network and Information Security Directive 2 (NIS2, Directive 2022/2555) requires essential and important entities across the EU to implement appropriate cryptographic measures as part of a risk-based cybersecurity framework. ENISA's technical guidelines explicitly incorporate post-quantum cryptography readiness as a forward-looking requirement. Member states were required to transpose NIS2 into national law by October 2024.

ETSI / GLOBAL

ETSI's Industry Specification Group on Quantum Safe Cryptography (ISG QSC) produces technical specifications and migration guidance for deploying post-quantum cryptography in real protocols. Key publications include ETSI TS 103 744 defining quantum-safe hybrid key exchanges that combine classical and PQC algorithms for TLS and other protocols, and ETSI TR 103 619 covering migration strategies. ETSI's work is complementary to NIST standards and directly informs EU and international deployment guidance.

IETF / GLOBAL

The IETF has standardized how post-quantum cryptographic algorithms are deployed in internet protocols including TLS 1.3, X.509 certificates, CMS, and SSH. Published RFCs include RFC 8391 (XMSS), RFC 8554 (LMS/HSS), and RFC 9370 (ML-KEM in TLS 1.3). Active work in the LAMPS working group has produced X.509 certificate profile RFCs for ML-DSA and SLH-DSA. These protocol-level standards are essential for real-world PQC deployment across internet infrastructure.

BSI — Germany

https://www.bsi.bund.de