The National Institute of Standards and Technology (NIST) is seeking comments on a preliminary draft of guidelines published Monday that aim to eventually detail how agencies can migrate to post-quantum cryptography.
“Advances in quantum computing could compromise many of the current cryptographic algorithms being widely used to protect digital information, necessitating replacement of existing algorithms with quantum-resistant ones,” NIST’s document reads.
It continues, “Previous initiatives to update or replace installed cryptographic technologies have taken many years, so it is critical to begin planning for the replacement of hardware, software, and services that use affected algorithms now so that data and systems can be protected from future quantum computer-based attacks.”
NIST worked in conjunction with the National Cybersecurity Center of Excellence (NCCoE) to publish the draft document – Migration to Post-Quantum Cryptography – on April 24.
A major theme of the document is to help organizations understand the security architecture in their networks so that they firmly grasp where post-quantum security measures will need to be implemented, and where to prioritize modernization. NIST also aims to compile a definitive inventory of software vendors to support post-quantum cryptography migration.
NCCoE and NIST are seeking public feedback on the draft guidance, hoping to draw from industry’s expertise to form ubiquitous best practices in quantum-resilient cryptography.
The public comment period for the draft is open through June 8. The agency said as the project progresses, the preliminary draft will be updated, and additional volumes will be released for comment.
According to the draft document, this new guidance from NIST follows its ongoing effort to finalize its quantum-resistant algorithms in 2024 – after identifying four of them in 2022.
The agency also announced partnerships with 12 private sector companies to help develop quantum-resilient algorithms and implement them nationwide, including Amazon Web Services, Microsoft, and Dell.
Both of these efforts follow President Biden’s National Security Memorandum by leveraging Federal resources to help all U.S. digital systems migrate to quantum-resilient cybersecurity standards by 2035.
