The US National Security Agency (NSA) has released guidance regarding the Commercial National Security Algorithm Suite 2.0. The “advisory notifies National Security Systems (NSS) owners, operators, and vendors of future requirements for quantum-resistant (QR) algorithms for NSS.” NSA expects owners and operators of NSS to begin using QR algorithms by 2035.
The trick here is not to jump the gun, only deploying algorithms which have been vetted and approved by NSA, NIAP, etc. Read the caveats for each of the approved algorithms as they apply to the data you’re protecting. Note the timeline recommends software and firmware signing to start migrating immediately. Expect to be required to include language for support of CNSA 2.0 algorithms in procurement contracts very soon.
Read more in
- Announcing the Commercial National Security Algorithm Suite 2.0 (PDF)
- NSA Releases Future Quantum-Resistant (QR) Algorithm Requirements for National Security Systems (press release)
- NSA sets 2035 deadline for adoption of post-quantum cryptography across national security systems
- NSA Releases Post-Quantum Algorithms, Aims for Full Implementation by 2035