up:: The Mandates MOC

CISA NSA NIST Quantum-Readiness Joint Guidance

The CISA NSA NIST Quantum-Readiness Joint Guidance is a non-binding U.S. federal factsheet, published jointly by the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the National Institute of Standards and Technology on August 21, 2023, that urges organizations to start preparing for post-quantum cryptography migration now by establishing a quantum-readiness roadmap, building a cryptographic inventory, and engaging their vendors. Its official title is “Quantum-Readiness: Migration to Post-Quantum Cryptography,” and it’s written for any organization while aimed principally at those that support critical infrastructure. It carries no statutory penalty and binds no one directly, yet sector regulators and cyber-insurance underwriters treat it as the baseline a well-run organization should be acting on.

Source: Quantum-Readiness: Migration to Post-Quantum Cryptography, CISA, published August 21, 2023; the factsheet itself, CSI_QUANTUM_READINESS_MIGRATION_TO_PQC.PDF, marked TLP:CLEAR, as of August 21, 2023.

The short version:

  • It’s a joint factsheet from CISA, NSA, and NIST, published August 21, 2023, and commonly cited as the Quantum-Readiness Joint Guidance.
  • It’s informational, not a regulation. It sets no deadline, imposes no penalty, and doesn’t bind the private sector on its own.
  • It’s written for any organization, and it names critical-infrastructure operators as the primary audience.
  • Its core instruction is to start now, and it lays out an action set: stand up a project team, run cryptographic discovery, build a cryptographic inventory, prioritize the most sensitive and longest-lived data, and pull your vendors into the conversation early.
  • It’s one of the earliest authoritative U.S. federal statements that harvest-now-decrypt-later is a present risk, not a future one, which is what makes “start now” the whole point.

Think of it as the notice a city sends before it replaces every water main under a district. The first job is mapping every line in the walls and under the street, because a pipe you haven’t found is a pipe you can’t swap. And a lot of those lines belong to the utilities and contractors who built the system, so you get them on the phone early rather than the week the work starts. The Joint Guidance is that notice for cryptography: find what you have, figure out what matters most, and start the vendor conversations before the replacement parts even ship.

What is the CISA NSA NIST Quantum-Readiness Joint Guidance?

The Quantum-Readiness Joint Guidance is a three-page factsheet, marked TLP:CLEAR (shareable without restriction), that CISA, NSA, and NIST created to inform organizations about the impact of quantum computing on today’s cryptography and to encourage early planning for the move to post-quantum standards. It was published on August 21, 2023, roughly a year before NIST finalized its first PQC standards, so it frames the work as preparation for standards that were still in development at the time.

Source: CSI_QUANTUM_READINESS_MIGRATION_TO_PQC.PDF, Background section, as of August 21, 2023.

The document explains that a cryptanalytically-relevant quantum computer (a CRQC) would be able to break the public-key systems that protect information today, and it names the specific algorithms at risk: RSA, Elliptic-Curve Diffie-Hellman (ECDH), and the Elliptic Curve Digital Signature Algorithm (ECDSA). Those, it says, will need to be updated, replaced, or significantly altered to use quantum-resistant PQC algorithms.

A few points about its standing are worth being precise on, because they change how you cite it:

  1. It’s a factsheet, not a standard or a rule. It gives recommendations and encouragement. It doesn’t publish an algorithm, set a compliance deadline, or issue a mandate. Its authority is the authority of a strong consensus recommendation from three of the most credible U.S. cryptographic bodies, not the authority of law.
  2. It predates the finalized PQC standards. It was written while NIST’s PQC standards were still drafts, expected in 2024, so it stops short of telling organizations to deploy or pilot PQC. It tells them to get ready, and it points vendors at the draft standards.
  3. “Joint Guidance” is how the field cites it; “factsheet” is what it calls itself. Both names point at the same August 2023 document. It’s frequently grouped with the CISA Post-Quantum Cryptography Initiative as CISA’s quantum-readiness outreach.

Who does the Quantum-Readiness Joint Guidance apply to?

The Joint Guidance applies to any organization, and it singles out critical-infrastructure operators as the audience it was written for. The factsheet says in its opening that the three agencies created it to inform organizations “especially those that support Critical Infrastructure” about the impact of quantum capabilities.

Source: CSI_QUANTUM_READINESS_MIGRATION_TO_PQC.PDF, Background section.

Because it’s advisory, no organization is legally compelled to follow it. Its practical reach comes from the roles the three issuing agencies actually play:

  1. NIST publishes the cryptographic standards the rest of the ecosystem builds on, so a NIST-backed recommendation carries weight far beyond any single sector.
  2. NSA sets cryptographic requirements for national-security systems through CNSA 2.0, and that requirement propagates to defense contractors through procurement.
  3. CISA is the national coordinator for critical-infrastructure security, so its factsheets set the tone for what regulators in individual sectors expect.

That’s why a non-binding factsheet ends up mattering to organizations that never touch a federal contract. Sector regulators, procurement programs, and cyber-insurance underwriters look to it as a reference for what a reasonable, prudent organization should already be doing about quantum risk. It’s a professional-judgment read rather than a statutory one, but in practice the guidance functions as the floor: the thing you’re expected to have read and started acting on, so that “we hadn’t looked at it yet” stops being a defensible answer.

Is the Joint Guidance binding, or is it just advice?

It’s advice, and that distinction is exactly the point of confusion worth clearing up. The Joint Guidance is an informational factsheet with no regulatory force. None of the three agencies has direct authority to compel a private-sector organization’s cryptographic choices through this document: NIST publishes standards, CISA issues advisories, and NSA’s binding authority runs to national-security systems, not to the general private sector.

What the guidance does instead is create a defensibility bar. A dated, named, tri-agency recommendation is the kind of reference a regulator, an auditor, an insurer, or a plaintiff’s attorney reaches for when asking whether an organization took quantum risk seriously. That’s how advisory guidance becomes load-bearing: it doesn’t fine you, and it does define what “reasonable” looked like at the time. For the binding version of these timelines you go to the mandates the guidance sits alongside, CNSA 2.0 for national-security systems and NIST IR 8547 for the federal deprecation and disallowance schedule.

What quantum-readiness roadmap does it recommend?

The Joint Guidance recommends that organizations build a quantum-readiness roadmap, and it structures that roadmap around a project team, a cryptographic inventory, risk-based prioritization, and vendor engagement. The factsheet’s stated reason to start now is that a “catch now, break later or harvest now, decrypt later” operation means data with a long secrecy lifetime is already exposed, so the planning has to begin before a quantum computer exists.

Source: CSI_QUANTUM_READINESS_MIGRATION_TO_PQC.PDF, “Why Prepare Now?” and the roadmap sections.

Here’s the roadmap as the factsheet actually lays it out, section by section:

StepWhat the factsheet recommends
1. Establish a project management teamStand up a quantum-readiness project team to plan and scope the migration, and have it initiate proactive cryptographic discovery to identify where the organization relies on quantum-vulnerable cryptography. Include cybersecurity and privacy risk managers who can prioritize the assets most exposed to a CRQC.
2. Prepare a cryptographic inventoryUse cryptographic discovery tools to find quantum-vulnerable algorithms in network protocols, in assets on end-user systems and servers (applications, libraries, firmware and software updates), and in the CI/CD development pipeline. Because discovery tools miss embedded cryptography, ask vendors for lists of the cryptography inside their products.
3. Prioritize with a risk assessmentFeed the inventory into the risk-assessment process. Record where quantum-vulnerable cryptography protects the most sensitive and critical datasets, estimate how long each dataset needs protection, and prioritize high-impact systems, industrial control systems, and anything with long-term confidentiality needs.
4. Discuss PQC roadmaps with technology vendorsEngage vendors to learn their quantum-readiness roadmaps and their timelines for testing and integrating PQC, across on-premises COTS and cloud. Plan for necessary contract changes so new products arrive with PQC built in and older products get upgraded to meet transition timelines.
5. Assess supply-chain quantum-readinessMap the organization’s dependencies on quantum-vulnerable cryptography across custom-built, COTS, and cloud, and understand how each vendor and cloud service provider will migrate. Custom-built and older systems will likely take the most effort to make quantum-resistant.

Source: CSI_QUANTUM_READINESS_MIGRATION_TO_PQC.PDF, sections “Establish a Quantum-Readiness Roadmap,” “Prepare a Cryptographic Inventory,” “Discuss Post-Quantum Roadmaps with Technology Vendors,” and “Supply Chain Quantum-Readiness.”

One ordering detail is easy to miss and worth stating plainly: the factsheet puts the project team and cryptographic discovery first, and it treats the inventory as the thing that unlocks everything downstream. The reasoning it gives is that organizations are often unaware of how deeply their products, applications, and services depend on public-key cryptography, which leaves them with no visibility into their own exposure. You can’t assess or prioritize risk on cryptography you can’t see, so finding it comes first.

What does it say about harvest-now-decrypt-later?

The Joint Guidance treats harvest-now-decrypt-later as a present-day reason to act, and it’s one of the earliest authoritative U.S. federal documents to do so. In its own words, cyber threat actors “could be targeting data today that would still require protection in the future (or in other words, has a long secrecy lifetime), using a catch now, break later or harvest now, decrypt later operation.”

Source: CSI_QUANTUM_READINESS_MIGRATION_TO_PQC.PDF, “Why Prepare Now?” section.

This is the logical hinge of the whole document. If the only quantum risk were future, an organization could reasonably wait for a quantum computer to appear before doing anything. HNDL removes that option for data with a long confidentiality lifetime, because an adversary can record encrypted traffic now and decrypt it years later once a CRQC exists. That’s why the factsheet asks organizations to identify their most sensitive, longest-lived datasets during the inventory step and prioritize those for migration first.

Why does it lean so hard on vendor engagement?

The Joint Guidance leans on vendor engagement because most of an organization’s quantum-vulnerable cryptography lives inside products it bought rather than code it wrote, and it can’t fix what its vendors control. The factsheet is direct about this, noting that discovery tools often can’t see embedded cryptography inside products and telling organizations to ask vendors for lists of the cryptography inside what they sell.

Source: CSI_QUANTUM_READINESS_MIGRATION_TO_PQC.PDF, “Prepare a Cryptographic Inventory” note and “Discuss Post-Quantum Roadmaps with Technology Vendors.”

The document asks organizations to do three vendor-facing things: learn each vendor’s quantum-readiness roadmap and migration timeline, plan for contract changes so new purchases arrive with PQC built in and existing products get upgraded, and treat COTS and cloud dependencies as first-class parts of the migration. It also carries a short “Technology Vendor Responsibilities” section aimed at manufacturers themselves, urging them to review NIST’s draft PQC standards and prepare to support PQC as soon as the standards finalize, framed as a Secure by Design responsibility. The practical upshot for a buyer is that a large share of the migration timeline is set by vendors’ vendor surfaces, not by the buyer’s own engineering pace, which is why the guidance wants those conversations started early.

How does it relate to the other mandates and standards?

The Joint Guidance is the broad-audience “get ready” advisory that sits above the more specific mandates and standards, translating their urgency into a plan any organization can start on. It doesn’t set deadlines of its own; it points at the documents that do.

Related documentHow it connects
NSA CNSA 2.0The binding requirement for U.S. national-security systems, with explicit transition dates. The Joint Guidance carries the same urgency to organizations that CNSA 2.0 doesn’t bind.
NIST IR 8547NIST’s deprecation and disallowance schedule (the 2030 and 2035 years). The Joint Guidance is the earlier “start preparing” advisory; IR 8547 is the later “here are the algorithms and dates.”
FIPS 203, FIPS 204, FIPS 205The actual PQC standards, which were still drafts when the guidance published. The guidance is preparation for exactly these.
CISA Post-Quantum Cryptography InitiativeCISA’s broader quantum-readiness program. The Joint Guidance is one of its foundational public artifacts.

The clean way to hold it: the Joint Guidance answers “what should we be doing right now, before the deadlines land,” while the mandates and FIPS standards answer “which algorithms, by when.” You cite the guidance for the roadmap and the vendor-engagement posture, and you cite CNSA 2.0 and IR 8547 for the dates.

What does it mean for your migration and your defensibility?

For a migration program, the Joint Guidance is the document that makes “we started” a defensible position and “we hadn’t looked” an indefensible one. It’s the earliest widely-cited tri-agency statement of the expected first moves, so an organization that stood up a project team, ran cryptographic discovery, built an inventory, and opened vendor conversations can point to a named federal reference for having done the reasonable thing on the reasonable timeline. An organization that did none of those, after August 2023, is answering a harder question from its regulator, its auditor, or its insurer.

The practical order of operations it sets is worth internalizing even outside a federal context: discovery and inventory come before planning, prioritization is driven by data sensitivity and secrecy lifetime rather than by system age, and vendor engagement starts early because so much of the timeline isn’t yours to control. That sequence is the through-line of nearly every credible quantum-readiness program published since.

Common misconceptions

  1. “It’s a regulation, so we have to comply.” It’s an informational factsheet with no statutory force and no deadline. It shapes what “reasonable” looks like; it doesn’t compel you the way a rule does. The binding dates live in CNSA 2.0 and NIST IR 8547.
  2. “It only applies to federal agencies.” It’s written for any organization and aimed especially at critical-infrastructure operators. Its reach into the private sector runs through sector regulators, procurement, and insurers who treat it as a baseline reference.
  3. “It tells us which algorithms to deploy.” It predates the finalized PQC standards, so it stops at “get ready.” The algorithm-to-algorithm mapping and the deprecation dates come from NIST IR 8547 and the FIPS standards, not from this factsheet.
  4. “It says to pilot PQC right away.” Because the standards were still drafts in August 2023, the factsheet asks organizations to prepare and asks vendors to test against the drafts. It doesn’t instruct organizations to pilot or deploy PQC. That guidance came later, once the standards finalized.
  5. “The inventory is just an IT asset list.” The factsheet asks for a cryptographic inventory built with discovery tools across network protocols, end-user systems, servers, and the CI/CD pipeline, plus vendor-supplied lists of embedded cryptography. Most existing asset inventories don’t capture cryptography at that level.

Questions people ask

Is the Quantum-Readiness Joint Guidance mandatory? No. It’s a non-binding informational factsheet from CISA, NSA, and NIST. It sets no deadline and carries no penalty. Its influence comes from being the tri-agency reference that regulators, procurement programs, and insurers treat as the baseline for a prudent organization.

When was it published, and is it still current? It was published August 21, 2023, and its recommendations, inventory first, prioritize by data sensitivity, engage vendors early, remain the standard first moves. The one thing to layer on top is that the PQC standards it anticipated are now final, so the “get ready” posture now connects to real, deployable algorithms and to the dated schedule in NIST IR 8547.

Who actually has to follow it? No one is legally required to. It’s written for any organization and aimed at critical-infrastructure operators. In practice, organizations in regulated sectors follow it because their regulators and insurers use it as a reference for reasonable quantum-risk management.

What’s the first thing it tells us to do? Stand up a quantum-readiness project team and start cryptographic discovery to find where your systems depend on quantum-vulnerable cryptography. The factsheet treats that inventory as the prerequisite for every later step, because prioritizing and planning both start from seeing your own cryptography clearly.

Why does it push so hard on talking to vendors? Because most quantum-vulnerable cryptography sits inside products you bought, not code you wrote, and discovery tools often can’t see cryptography embedded in those products. The factsheet tells you to ask vendors for lists of the cryptography in their products, learn their PQC roadmaps, and plan contract changes so future purchases ship with PQC built in.

How does it relate to CNSA 2.0 and NIST IR 8547? The Joint Guidance is the broad “start preparing now” advisory. CNSA 2.0 is the binding requirement for national-security systems, and NIST IR 8547 carries the algorithm deprecation and disallowance dates. You cite the guidance for the roadmap; you cite the other two for the deadlines.

Does it mention harvest-now-decrypt-later? Yes, explicitly. It warns that threat actors could be targeting long-secrecy-lifetime data today using a “catch now, break later or harvest now, decrypt later” operation, and that’s the reason it gives for starting migration planning before a quantum computer exists.

What happens if we ignore it? Nothing directly, since it imposes no penalty. The exposure is indirect: after August 2023, an organization that took none of the recommended first steps has a weaker answer for a regulator, auditor, insurer, or litigant asking whether it managed a known, federally-documented risk in a reasonable way.


Everything here is the map, given freely. When your team needs this guidance turned into a cryptographic inventory and a phased migration sequenced against your own systems and vendors, that’s the work I do. Request an alignment briefing.

Last verified 2026-07-09 · Maintained by Addie LaMarr, LaMarr Labs.